DNS-based Authentication of Named Entities
charter-ietf-dane-02

These issues are nits. I'd love for them to be fixed, but they are not so important...

Although those skilled in the art may know what "DANE and DANE-like 
functionality" is, I think the charter would do well to set this out
in the first sentence such as:
  DANE is a set of mechanisms and techniques that allow Internet
  applications to establish cryptographically secured communications
  by using information distributed through DNSSEC for discovering 
  and authenticating public keys which are associated with a service
  located at a domain name.

There are three instances of "The group may..." (the last three
paragraphs.  I understand the desire to encourage the WG to do
things and to be clear that doing them is not out of scope, but I
wish that there was a stronger directive to do stuff or that it
was simply left off the charter.

Editorial (bad grammar, and very hard to read):

OLD
    DANE supports both Certificates and raw
    keys, further more Certificates and raw keys can be either the full
    key or a hash of the key.

NEW
    DANE supports both certificates and raw
    keys.  Furthermore, the keys (raw, or imbedded in certificates) can
    be full keys or hashes of keys.

END

Though, really, I think the sentence could just as well be removed as fixed.

I thought we were skipping external review? Is the ballot just wrong?

Not quite worth a block, but I do think these changes should be made:

    The DANE WG will process documents that describe how to
    incorporate DANE and DANE-like functionality in protocols, and
     mechanisms to facilitate adoption of this functionality.
   
Instead: "The DANE WG will specify how to incorporate DANE and DANE-like functionality into protocols." Also, specify the list (given that below it says no new items without rechartering): "The WG will specify such mechanisms for SMTP, SMIME, OPENPGP, and IPSEC." (It's not clear to me if the SRV document fits in this category.)
    
    The DANE
    working group will also assist other working groups with adding
    DANE functionality to their work.
    
How does that differ from the above?
    
    In addition the working group
    will monitor and provide guidance to operators and tool developers.
    
Strike that, or make it something the WG can actually accomplish like, "The DANE WG shall also produce a set of implementation guidance for operators and tool developers."
    
    When work on currently chartered documents is complete the WG
    may re-charter if sufficiently pressing new work is identified.

Instead: "When work on the work items enumerated above is complete, the WG may re-charter if sufficiently pressing new work is identified."    

    DANE is not intended to be a long-lived catch-all WG
    for all PKI in DNS issues and so will generally not adopt new
    work items without re-chartering.

Peachy. And the Problem Statement is fine; it's just descriptive, AFAICT.