DNS Security (DNSSEC) Experiments
draft-ietf-dnsext-dnssec-experiments-04
Yes
No Objection
Note: This ballot was opened for revision 04 and is now closed.
Lars Eggert (was Discuss) No Objection
I was surprised to see this going for PS and not BCP. IMO this document describes the best current practice methodology for setting up DNSSEC experiments and should go for BCP.

Section 4., paragraph 1:
> having only unknown algorithm identifiers in the DS records for the
> delegation to the zone at the parent.

Nit: expand DS on first use.
(Mark Townsley; former steering group member) Yes
(Bill Fenner; former steering group member) No Objection
(Brian Carpenter; former steering group member) No Objection
Editorial points from Gen-ART review by Francis Dupont, with author comments.

>> Minor points (they should be fixed by the RFC Editor):
>> - in 1 page 3: a missing closing parenthesis. I suggest to add the
>> number of the RFCs too.

Sounds good.

>> - is "validatable" (in 4 page 7 and 6 page 9) a correct English word?

Er, I guess not :) I suggest rewording (from 4 on page 7):

    That is, a zone is either in an experiment and only experimentally validatable, or it is not.

with

    That is, a zone is either in an experiment and only possible to validate experimentally, or it is not.

And suggest rewording (from 6 on page 9):

    For instance, the resolver may look at a non-validatable response and conclude that the response is bogus, either due to local policy or implementation details.

with

    For instance, the resolver may look at a response that cannot be validated and still conclude that the response is bogus, either due to local policy or implementation details.

>> - in 10.2 page 13 reference [6] is obsolete: a new version 03 was
>> submitted in June.
(Cullen Jennings; former steering group member) No Objection
(Dan Romascanu; former steering group member) No Objection
Why is this document aimed to be a Proposed Standard and not a BCP?
(David Kessens; former steering group member) No Objection
(Jari Arkko; former steering group member) (was Discuss, No Objection) No Objection
(Jon Peterson; former steering group member) No Objection
(Lisa Dusseault; former steering group member) No Objection
(Magnus Westerlund; former steering group member) No Objection
(Ross Callon; former steering group member) No Objection
(Russ Housley; former steering group member) No Objection
Please rename section 6. A reasonable title might be "Experiment Considerations".

From the SecDir review by Stefan Santesson:

Section 5 states:
> Resolvers MUST only recognize the experiment's semantics when
> present in a zone signed by one or more of these algorithm
> identifiers.

Strictly speaking, nothing is signed by an algorithm identifier. It seems that the text tries to say:
> Resolvers MUST only recognize the experiment's semantics when
> present in a zone signed with one or more algorithms identified
> by these algorithm identifiers.
(Sam Hartman; former steering group member) No Objection
(Ted Hardie; former steering group member) No Objection