
Early Review of draft-ietf-dnsop-ns-revalidation-04
review-ietf-dnsop-ns-revalidation-04-dnsdir-early-gieben-2023-07-30-00

Request Review of draft-ietf-dnsop-ns-revalidation
Requested revision No specific revision (document currently at 06)
Type Early Review
Team DNS Directorate (dnsdir)
Deadline 2023-07-31
Requested 2023-07-04
Requested by Tim Wicinski
Authors Shumon Huque, Paul A. Vixie, Willem Toorop
I-D last updated 2023-07-30
Completed reviews Dnsdir Early review of -04 by R. (Miek) Gieben (diff)
Assignment Reviewer R. (Miek) Gieben
State Completed
Request Early review on draft-ietf-dnsop-ns-revalidation by DNS Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/dnsdir/SC9XLHtZ7KKNt48MNuIMUTZ7NTM
Reviewed revision 04 (document currently at 06)
Result On the Right Track
Completed 2023-07-30
Hi all,

This is the dnsdir (early) review for
https://datatracker.ietf.org/doc/draft-ietf-dnsop-ns-revalidation/ version 04.

I've found the document clear in explaining why "Upgrading NS RRset
Credibility" and "Delegation Revalidation" are needed.

However, when reading Section 3, I feel that this is an explanation of an
algorithm and should use RFC 2119 keywords and be more precise. One of the main
things I would like to see some text about is what if you _do_ get a response
from the child that does have NS records in the auth section? Have you then
sent the validation queries for nothing? Or is this intended for intermediate
nameservers (only)?

To a lesser extent this also holds true for Section 4, but the algorithm is
somewhat simpler there.

The Security Considerations section reads a bit like a mini summary of the
document because it duplicates things from Section 2 (Motivation). I think the
entire text from Section 6 could be folded into Section 2 (and insofar it's not
already in there). Or say something like "this entire document deals with the
security of .....".

Small nit: section 3 currently is just a set of bullet points which looks a bit
odd.

Kind regards,
Miek