[secdir] Secdir last call review of draft-ietf-dnsop-algorithm-update-06

Brian Weis <bew.stds@gmail.com> Thu, 28 February 2019 22:02 UTC

Return-Path: <bew.stds@gmail.com>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 31F96128AFB; Thu, 28 Feb 2019 14:02:51 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Brian Weis <bew.stds@gmail.com>
To: <secdir@ietf.org>
Cc: draft-ietf-dnsop-algorithm-update.all@ietf.org, dnsop@ietf.org, iesg@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.92.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <155139137116.28679.2329019149187176312@ietfa.amsl.com>
Date: Thu, 28 Feb 2019 14:02:51 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/fwFBTk59GfcZaOb0fRlzKP91irM>
Subject: [secdir] Secdir last call review of draft-ietf-dnsop-algorithm-update-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Feb 2019 22:02:51 -0000

Reviewer: Brian Weis
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

This document specifies updated DNSSEC algorithm recommendations. It includes
updates on DNSKEY, DS and CDS algorithms. The recommendations are similar to
the methodology defined for IPSec algorithm recommendations, which have been
useful to implementors and users.

The actual algorithm recommendations (MUST, RECOMMENDED, NOT RECOMMENDED, MAY,
MUST NOT) are in line with current general algorithm guidance, and match the
goals set forth in the document. I make no further comment on them as the
details of the recommendations have likely to have been finely honed through
debate within the working group.

I believe the document is ready to publish.