Early Review of draft-cuiling-dnsop-sm2-alg-11
review-cuiling-dnsop-sm2-alg-11-dnsdir-early-huston-2023-11-11-00

This reviewer has no competence to comment on the quality of SM2 and SM3 in the
context of use by DNSEC as a crypto algorithm.

The document is generally readable and clear. There are some nits and open
questions that have been prompted by this review, as follows:

1. In the introduction it would be better to reference the IANA registry of
DNSSEC algorithms explicitly. i.e.: Replace the last sentence with “DNSSEC
signature algorithms are registered in the DNSSEC algorithm IANA registry
[IANA]" Where [IANA] refers to
https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml]”

2. Second para: “a new signing algorithm” - drop the ‘a’

3. “algorithm is SM3 with digest type code [TBD1]” - its unclear if this TDB1
is waiting for an IANA code assignment or waiting on some third party code
assignment,.

4. “And the parameters of the curve used in this document are as follows:” -
drop the “And”

5. Is this a “document” or a “profile” in the previous sentence? I suspect its
a “profile”

6. Security considerations

  “The security strength of SM2 is considered to be equivalent to half the size
  of the key, which is 128 bits.”
   A reference to support this "is considered" assertion would help a lot here.

   “For another thing, the security of ECC-based algorithms is influenced by
   the curve it uses.”
    Is a clumsy expression - I suggest dropping “For another thing”

  “ Thus it's recommended that the DNS server implementations use popular
  cryptography library which support SM2 and SM3 algorithms, such as OpenSSL. 
  Thus it's convenient to use a different curve if SM2 is compromised.”

  Is this a RECOMMEND form of advice?

  Its also unclear to this reviewer what this is actually recommending.

  7. I am unsure of the intent of the inclusion of Appendix A. It seems to be a
  standard NSEC3-signed zone signed with algorithm TDB2. What purpose does the
  inclusion of this appendix serve?