Re: [secdir] Security review of draft-ietf-dnsop-onion-tld-00.txt

Mark Nottingham <> Sat, 29 August 2015 10:10 UTC

From: Mark Nottingham <>
Date: Sat, 29 Aug 2015 20:10:44 +1000
To: Barry Leiba <>
Cc: secdir <>, Alec Muffett <>, Kathleen Moriarty <>, "" <>, The IESG <>, Brad Hill <>


> On 29 Aug 2015, at 12:55 am, Barry Leiba <> wrote:
> Supporting one point about updating the draft:
>>> At the suggestions of Mark Nottingham & Richard Barnes (cc:) we have
>>> refrained from issuing revisions to the draft because of the impending
>>> 2015-09-03 IESG telechat, in order that discussion does not derail for
>>> pursuit of a moving target
>> Comments from other ADs are asking about the comments that have not
>> been addressed.  The effect of this is that the ADs are reviewing and
>> don't know if outstanding comments from reviewers in last call will be
>> addressed.  I recommend asking the sponsoring AD if you could upload a
>> new version today.  I didn't cast my ballot after reading it yet as
>> the SecDir review wasn't addressed and Christian had some good points.
>> If we at least had a version to look at that addressed the points, it
>> would help some of us... even if it's posted elsewhere.
> I really don't understand the allergy that some of us seem to have
> toward updating drafts.  The fact that people are reviewing the draft
> shouldn't matter.  Why, if there are updates pending, should anyone
> consider it more useful to continue to have people review an old
> version, when we could be posting a new one for review?  It makes no
> sense to me, but it's common advice.
> I suggest we encourage people to post revisions when they think it
> would be useful, and only hold back under specific circumstances that
> we think merit an unchanging draft for a while (such as, we have
> updates proposed but they're still being batted around and aren't
> ready to commit yet).
> I'd rather have people reviewing the latest version, rather than
> re-raising things that were already discussed and addressed.


I'm sure the authors will be happy to update the draft. The advice Richard and I gave was ~two days before the IESG telechat, and it didn't seem wise to update it at that point.

If the IESG would like to set a clear, unambiguous policy about this, I'm sure it would be welcomed; personally, I've heard advice both ways, and have not yet figured out how to make everyone happy.


Mark Nottingham