Early Review of draft-ietf-dnsop-dnssec-bootstrapping-05
review-ietf-dnsop-dnssec-bootstrapping-05-secdir-early-dunbar-2023-07-17-00
| Request | Review of | draft-ietf-dnsop-dnssec-bootstrapping |
|---|---|---|
| Requested revision | No specific revision (document currently at 08) | |
| Type | Early Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2023-07-24 | |
| Requested | 2023-06-23 | |
| Requested by | Tim Wicinski | |
| Authors | Peter Thomassen , Nils Wisiol | |
| I-D last updated | 2023-07-17 | |
| Completed reviews |
Dnsdir Last Call review of -08
by Scott Rose
Genart Last Call review of -08 by Peter E. Yee Dnsdir Early review of -05 by Scott Rose (diff) Secdir Early review of -05 by Linda Dunbar (diff) |
|
| Comments |
Document is close to working group last call, would like to confirm everything |
|
| Assignment | Reviewer | Linda Dunbar |
| State | Completed | |
| Request | Early review on draft-ietf-dnsop-dnssec-bootstrapping by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/5WJw6RM13OtLQVsw46qmvf5_EN8 | |
| Reviewed revision | 05 (document currently at 08) | |
| Result | Has nits | |
| Completed | 2023-07-17 |
review-ietf-dnsop-dnssec-bootstrapping-05-secdir-early-dunbar-2023-07-17-00
Reviewer: Linda Dunbar Review result: Ready with some questions I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last-call comments. Summary: The document describes the procedure for in-band method for DNS operators to publish arbitrary information about the zones. The description is very clear and has a very clear description of the Security Consideration. Here are some minor issues with the draft: - What kind of "arbitrary information about the zones"? any examples? - Section 3.2 (Page 6). The first step is not intuitive. does it mean nothing needs to be performed if the child is "securely delegated"? How does the "securely delegated" child publish information? Thanks, Linda Dunbar