[secdir] Review of draft-ietf-dnsop-rfc4641bis-12
Shawn Emery <shawn.emery@oracle.com> Tue, 28 August 2012 07:23 UTC
Return-Path: <shawn.emery@oracle.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E3A311E80BF; Tue, 28 Aug 2012 00:23:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level:
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fY0msT9ROupF; Tue, 28 Aug 2012 00:23:40 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id E21DB11E808D; Tue, 28 Aug 2012 00:23:39 -0700 (PDT)
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by rcsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q7S7NcBk001288 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 28 Aug 2012 07:23:39 GMT
Received: from acsmt357.oracle.com (acsmt357.oracle.com [141.146.40.157]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q7S7NbYo021198 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 28 Aug 2012 07:23:37 GMT
Received: from abhmt105.oracle.com (abhmt105.oracle.com [141.146.116.57]) by acsmt357.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q7S7NarS029372; Tue, 28 Aug 2012 02:23:37 -0500
Received: from [10.159.71.178] (/10.159.71.178) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 28 Aug 2012 00:23:36 -0700
Message-ID: <503C71A4.30709@oracle.com>
Date: Tue, 28 Aug 2012 01:22:12 -0600
From: Shawn Emery <shawn.emery@oracle.com>
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:10.0.6esrpre) Gecko/20120731 Thunderbird/10.0.6
MIME-Version: 1.0
To: secdir@ietf.org
References: <50065F08.1090307@oracle.com>
In-Reply-To: <50065F08.1090307@oracle.com>
Content-Type: multipart/alternative; boundary="------------030901080104060804000009"
X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
Cc: iesg@ietf.org, draft-ietf-dnsop-rfc4641bis.all@tools.ietf.org
Subject: [secdir] Review of draft-ietf-dnsop-rfc4641bis-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Aug 2012 07:23:40 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This informational draft describes the operational practices for administrating a DNSSEC environment. Specifically the management of keys and signatures in DNS. The draft intends to obsolete RFC 4641. The security considerations section does exist and is somewhat terse in its explanation of mitigating spoofing and DoS attacks. This should be expanded or at least a reference made. General comments: None. Editorial comments: Consistency: SEP is expanded, but not DS. s/purposes X will somewhere/purposes, X will be somewhere/ s/such as e.g. RFC 5011/e.g. RFC 5011/ Shawn. --
- [secdir] Review of draft-ietf-mpls-tp-identifiers… Shawn Emery
- [secdir] Review of draft-ietf-sidr-ghostbusters-14 Shawn Emery
- [secdir] Review of draft-ietf-rtgwg-lfa-applicabi… Shawn Emery
- Re: [secdir] Review of draft-ietf-rtgwg-lfa-appli… Stewart Bryant
- [secdir] Review of draft-ietf-manet-smf-13 Shawn Emery
- Re: [secdir] Review of draft-ietf-manet-smf-13 Joe Macker
- [secdir] Review of draft-ietf-conex-concepts-uses… Shawn Emery
- [secdir] Review of draft-melnikov-smtp-priority-t… Shawn Emery
- Re: [secdir] Review of draft-melnikov-smtp-priori… Alexey Melnikov
- [secdir] Review of draft-ietf-dnsop-rfc4641bis-12 Shawn Emery
- Re: [secdir] Review of draft-ietf-dnsop-rfc4641bi… Matthijs Mekking
- Re: [secdir] Review of draft-ietf-dnsop-rfc4641bi… Shawn Emery
- [secdir] Review of draft-ietf-karp-ospf-analysis-… Shawn Emery
- [secdir] Review of draft-ietf-oauth-assertions-09 Shawn Emery
- Re: [secdir] Review of draft-ietf-oauth-assertion… Shawn Emery
- [secdir] Review of draft-ietf-dhc-dhcpv6-client-l… Shawn Emery
- Re: [secdir] Review of draft-ietf-dhc-dhcpv6-clie… Gaurav Halwasia (ghalwasi)
- [secdir] Review of draft-ietf-netmod-interfaces-c… Shawn Emery
- Re: [secdir] Review of draft-ietf-netmod-interfac… Martin Bjorklund
- Re: [secdir] Review of draft-ietf-netmod-interfac… Benoit Claise
- Re: [secdir] Review of draft-ietf-netmod-interfac… Shawn Emery
- [secdir] Review of draft-ietf-xrblock-rtcp-xr-jb-… Shawn M Emery
- Re: [secdir] Review of draft-ietf-xrblock-rtcp-xr… Qin Wu
- Re: [secdir] Review of draft-ietf-xrblock-rtcp-xr… Gonzalo Camarillo
- Re: [secdir] Review of draft-ietf-xrblock-rtcp-xr… Donald Eastlake
- Re: [secdir] Review of draft-ietf-xrblock-rtcp-xr… Gonzalo Camarillo
- [secdir] Review of draft-ietf-repute-query-http-09 Shawn M Emery
- Re: [secdir] Review of draft-ietf-repute-query-ht… Shawn M Emery
- Re: [secdir] Review of draft-ietf-repute-query-ht… Uri Blumenthal
- Re: [secdir] Review of draft-ietf-repute-query-ht… Dave Crocker
- Re: [secdir] Review of draft-ietf-repute-query-ht… Murray S. Kucherawy
- Re: [secdir] Review of draft-ietf-repute-query-ht… Shawn M Emery
- [secdir] Review of draft-ietf-tictoc-security-req… Shawn M Emery
- Re: [secdir] Review of draft-ietf-tictoc-security… Tal Mizrahi
- [secdir] Review of draft-ietf-cdni-requirements-13 Shawn M Emery
- Re: [secdir] Review of draft-ietf-cdni-requiremen… Kent Leung (kleung)
- [secdir] Review of draft-ietf-isis-rfc6326bis-01 Shawn M Emery
- [secdir] Review of draft-ietf-tcpm-fastopen-08 Shawn M Emery
- Re: [secdir] Review of draft-ietf-tcpm-fastopen-08 Scharf, Michael (Michael)
- [secdir] Review of draft-ietf-hip-rfc5202-bis-05 Shawn M Emery