Last Call Review of draft-ietf-add-resolver-info-10
review-ietf-add-resolver-info-10-artart-lc-gulbrandsen-2024-02-27-00
Request | Review of | draft-ietf-add-resolver-info |
---|---|---|
Requested revision | No specific revision (document currently at 13) | |
Type | Last Call Review | |
Team | ART Area Review Team (artart) | |
Deadline | 2024-02-29 | |
Requested | 2024-02-15 | |
Authors | Tirumaleswar Reddy.K, Mohamed Boucadair | |
I-D last updated | 2024-02-27 | |
Completed reviews | Genart Last Call review of -11 by Mallory Knodel; Dnsdir Last Call review of -10 by Jim Reid; Artart Last Call review of -10 by Arnt Gulbrandsen; Dnsdir Telechat review of -11 by Jim Reid; Artart Telechat review of -11 by Arnt Gulbrandsen; Dnsdir Early review of -02 by Johan Stenstam; Dnsdir Telechat review of -11 by Jim Reid | |
Assignment | Reviewer | Arnt Gulbrandsen |
State | Completed | |
Request | Last Call review on draft-ietf-add-resolver-info by ART Area Review Team Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/art/tg4Ot6t1lLPpji_j8Ee4yDURurA | |
Reviewed revision | 10 (document currently at 13) | |
Result | Ready w/issues | |
Completed | 2024-02-27 |
Hi,

I am the assigned ART reviewer. FWIW I have some familiarity with the DNS generally, but this is the first time I've read this draft.

I think the draft is close to ready. Three points:

1. Section 3 says the domain resolver.arpa is used. The only example in the document uses a different domain, namely resolver.example.com. As I read it, the meaning is only really defined for resolver.arpa. Not sure what resolution I prefer here, but I would be happier if the first example were obviously compliant, and even happier if the document specifies what RESINFO means when returned for other domains. (Nothing, right?)

2. "For example, a DoT server may not want to host an HTTPS server" implies that the informational server is hosted by the resolver. I don't like that implication and suggest removing the sentence or (better) finding a different example.

3. The use of "validate" and "reputation" in the security considerations reminds me of RFC 1925 Truth 6. Please excuse my unkind choice of words: The paragraph sounds like a more polite version of "some attacker might find a way to attack this, but a reputation blackbox will fix that". Perhaps an explanation of the problem as you understand it helps. I certainly didn't understand the threat.

Arnt