Skip to main content

Last Call Review of draft-ietf-dnsop-algorithm-update-06
review-ietf-dnsop-algorithm-update-06-secdir-lc-weis-2019-02-28-00

Request Review of draft-ietf-dnsop-algorithm-update
Requested revision No specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-02-27
Requested 2019-02-13
Authors Paul Wouters , Ondřej Surý
I-D last updated 2019-02-28
Completed reviews Secdir Last Call review of -06 by Brian Weis (diff)
Genart Telechat review of -07 by Peter E. Yee (diff)
Assignment Reviewer Brian Weis
State Completed
Request Last Call review on draft-ietf-dnsop-algorithm-update by Security Area Directorate Assigned
Reviewed revision 06 (document currently at 10)
Result Ready
Completed 2019-02-28
review-ietf-dnsop-algorithm-update-06-secdir-lc-weis-2019-02-28-00
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

This document specifies updated DNSSEC algorithm recommendations. It includes
updates on DNSKEY, DS and CDS algorithms. The recommendations are similar to
the methodology defined for IPSec algorithm recommendations, which have been
useful to implementors and users.

The actual algorithm recommendations (MUST, RECOMMENDED, NOT RECOMMENDED, MAY,
MUST NOT) are in line with current general algorithm guidance, and match the
goals set forth in the document. I make no further comment on them as the
details of the recommendations have likely to have been finely honed through
debate within the working group.

I believe the document is ready to publish.