Re: [secdir] Security review of draft-ietf-dnsop-onion-tld-00.txt

Kathleen Moriarty <> Sat, 29 August 2015 12:17 UTC

From: Kathleen Moriarty <>
Date: Sat, 29 Aug 2015 08:17:53 -0400
To: Mark Nottingham <>
Cc: secdir <>, Alec Muffett <>, "" <>, The IESG <>, Brad Hill <>, Barry Leiba <>


Sent from my iPhone

> On Aug 29, 2015, at 6:10 AM, Mark Nottingham <> wrote:
> Barry,
>> On 29 Aug 2015, at 12:55 am, Barry Leiba <> wrote:
>> Supporting one point about updating the draft:
>>>> At the suggestions of Mark Nottingham & Richard Barnes (cc:) we have
>>>> refrained from issuing revisions to the draft because of the impending
>>>> 2015-09-03 IESG telechat, in order that discussion does not derail for
>>>> pursuit of a moving target
>>> Comments from other ADs are asking about the comments that have not
>>> been addressed.  The effect of this is that the ADs are reviewing and
>>> don't know if outstanding comments from reviewers in last call will be
>>> addressed.  I recommend asking the sponsoring AD if you could upload a
>>> new version today.  I didn't cast my ballot after reading it yet as
>>> the SecDir review wasn't addressed and Christian had some good points.
>>> If we at least had a version to look at that addressed the points, it
>>> would help some of us... even if it's posted elsewhere.
>> I really don't understand the allergy that some of us seem to have
>> toward updating drafts.  The fact that people are reviewing the draft
>> shouldn't matter.  Why, if there are updates pending, should anyone
>> consider it more useful to continue to have people review an old
>> version, when we could be posting a new one for review?  It makes no
>> sense to me, but it's common advice.
>> I suggest we encourage people to post revisions when they think it
>> would be useful, and only hold back under specific circumstances that
>> we think merit an unchanging draft for a while (such as, we have
>> updates proposed but they're still being batted around and aren't
>> ready to commit yet).
>> I'd rather have people reviewing the latest version, rather than
>> re-raising things that were already discussed and addressed.
> *sigh*
> I'm sure the authors will be happy to update the draft. The advice Richard and I gave was ~two days before the IESG telechat, and it didn't seem wise to update it at that point.

The telechat is Thursday of this coming week.  Since there are a number of comments that require text updates, it's a lot easier to update than to have each AD chase down what changes are coming in various threads.

You are correct that opinions vary.  However, this draft is showing up with AD comments about outstanding comments from last call that need to be addressed and we usually don't see that.

If it's possible to update over the weekend, I'll read it again and will specifically look at updates related to the SecDir review.  Other ADs are likely to focus on other comment updates.

I'll find time later today to respond to the email on the SecDir review in case that helps.

Thank you,

> If the IESG would like to set a clear, unambiguous policy about this, I'm sure it would be welcomed; personally, I've heard advice both ways, and have not yet figured out how to make everyone happy.
> Cheers,
> --
> Mark Nottingham