[secdir] Secdir last call review of draft-ietf-dnsop-algorithm-update-06

Brian Weis <bew.stds@gmail.com> Thu, 28 February 2019 22:02 UTC

From: Brian Weis <bew.stds@gmail.com>
To: secdir@ietf.org
Cc: draft-ietf-dnsop-algorithm-update.all@ietf.org, dnsop@ietf.org, iesg@ietf.org
Message-ID: <155139137116.28679.2329019149187176312@ietfa.amsl.com>
Date: Thu, 28 Feb 2019 14:02:51 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/fwFBTk59GfcZaOb0fRlzKP91irM>

Reviewer: Brian Weis
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

This document specifies updated DNSSEC algorithm recommendations. It includes
updates on DNSKEY, DS and CDS algorithms. The recommendations are similar to
the methodology defined for IPsec algorithm recommendations, which have been
useful to implementors and users.

The actual algorithm recommendations (MUST, RECOMMENDED, NOT RECOMMENDED, MAY,
MUST NOT) are in line with current general algorithm guidance, and match the
goals set forth in the document. I make no further comment on them as the
details of the recommendations have likely been finely honed through
debate within the working group.

I believe the document is ready to publish.