Last Call Review of draft-ietf-dnsext-dnssec-algo-signal-09
review-ietf-dnsext-dnssec-algo-signal-09-secdir-lc-moriarty-2013-04-25-00
Request | Review of | draft-ietf-dnsext-dnssec-algo-signal |
---|---|---|
Requested revision | No specific revision (document currently at 10) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2013-04-23 | |
Requested | 2013-03-21 | |
Authors | Steve Crocker , Scott Rose | |
I-D last updated | 2013-04-25 | |
Completed reviews |
Genart Last Call review of -09
by Meral Shirazipour
(diff)
Genart Telechat review of -10 by Meral Shirazipour Secdir Last Call review of -09 by Kathleen Moriarty (diff) |
|
Assignment | Reviewer | Kathleen Moriarty |
State | Completed | |
Request | Last Call review on draft-ietf-dnsext-dnssec-algo-signal by Security Area Directorate Assigned | |
Reviewed revision | 09 (document currently at 10) | |
Result | Has nits | |
Completed | 2013-04-25 |
review-ietf-dnsext-dnssec-algo-signal-09-secdir-lc-moriarty-2013-04-25-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: This document specifies a way for a client to signal its digital signature and hash algorithm knowledge to a cache or server. The intent is for it to be used by cache or server administrators to track evolving algorithm support. Detail: The draft seems straightforward and is just a method for clients to notify the server of supported algorithms. The only other attack I can think of, that is not mentioned, would be a denial of service. You may want to add this to the security considerations and any notes on how it can be prevented (connections or logs). Best regards, Kathleen