Re: [secdir] Security review of draft-ietf-dnsop-onion-tld-00.txt

Barry Leiba <> Fri, 28 August 2015 14:55 UTC

To: Kathleen Moriarty <>
Cc: secdir <>, Alec Muffett <>, Mark Nottingham <>, "" <>, The IESG <>, Brad Hill <>

Supporting one point about updating the draft:

>> At the suggestions of Mark Nottingham & Richard Barnes (cc:) we have
>> refrained from issuing revisions to the draft because of the impending
>> 2015-09-03 IESG telechat, in order that discussion does not derail for
>> pursuit of a moving target
> Comments from other ADs are asking about the comments that have not
> been addressed.  The effect of this is that the ADs are reviewing and
> don't know if outstanding comments from reviewers in last call will be
> addressed.  I recommend asking the sponsoring AD if you could upload a
> new version today.  I didn't cast my ballot after reading it yet as
> the SecDir review wasn't addressed and Christian had some good points.
> If we at least had a version to look at that addressed the points, it
> would help some of us... even if it's posted elsewhere.

I really don't understand the allergy that some of us seem to have
toward updating drafts.  The fact that people are reviewing the draft
shouldn't matter.  Why, if there are updates pending, should anyone
consider it more useful to continue to have people review an old
version, when we could be posting a new one for review?  It makes no
sense to me, but it's common advice.

I suggest we encourage people to post revisions when they think it
would be useful, and only hold back under specific circumstances that
we think merit an unchanging draft for a while (such as, we have
updates proposed but they're still being batted around and aren't
ready to commit yet).

I'd rather have people reviewing the latest version, rather than
re-raising things that were already discussed and addressed.