[secdir] SECDIR review: draft-ietf-dnsext-dnssec-rsasha256

Kurt Zeilenga <Kurt.Zeilenga@isode.com> Wed, 16 September 2009 09:11 UTC

Return-Path: <Kurt.Zeilenga@isode.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E5B983A6AC8; Wed, 16 Sep 2009 02:11:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.562
X-Spam-Level:
X-Spam-Status: No, score=-2.562 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mx7C6LfMm0jm; Wed, 16 Sep 2009 02:11:40 -0700 (PDT)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id DDCE23A6ABA; Wed, 16 Sep 2009 02:11:39 -0700 (PDT)
Received: from [192.168.1.108] ((unknown) [62.3.217.253]) by rufus.isode.com (submission channel) via TCP with ESMTPSA id <SrCr-wB9YS=o@rufus.isode.com>; Wed, 16 Sep 2009 10:12:27 +0100
X-SMTP-Protocol-Errors: NORDNS
From: Kurt Zeilenga <Kurt.Zeilenga@isode.com>
In-Reply-To: <alpine.BSF.2.00.0909101523400.54991@fledge.watson.org>
Date: Wed, 16 Sep 2009 10:12:25 +0100
Message-Id: <9E513A07-3BE5-4D49-9BD9-211CBF0724CC@isode.com>
References: <alpine.BSF.2.00.0909101523400.54991@fledge.watson.org>
To: draft-ietf-dnsext-dnssec-rsasha256@tools.ietf.org, ajs@shinkuro.com
X-Mailer: Apple Mail (2.1076)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Cc: dnssec-chairs@tools.ietf.org, The IESG <iesg@ietf.org>, Security Area Directorate <secdir@ietf.org>
Subject: [secdir] SECDIR review: draft-ietf-dnsext-dnssec-rsasha256
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Sep 2009 09:11:41 -0000

I have reviewed this document as part of the security directorate's  
ongoing effort to review all IETF documents being processed by the  
IESG.  These comments were written primarily for the benefit of the  
security area directors.  Document editors and WG chairs should treat  
these comments just like any other last call comments.

This document details how to produce RSA/SHA-512 and RSA/SHA-256  
DNSKEY and RRSIG RRs in DNS.

I find the document more than adequately discusses and addresses  
security considerations.

I do note that the document appears to place an additional  
recommendation upon implementors of DNSSEC (in Section 5.1) yet does  
not "update" any DNSSEC specification.   It may be appropriate for  
this I-D to "update" (upon approval/publication) DNSSEC specifications.

Regards, Kurt