Early Review of draft-ietf-dnsop-dnssec-bootstrapping-05
review-ietf-dnsop-dnssec-bootstrapping-05-secdir-early-dunbar-2023-07-17-00

Request
Review of: draft-ietf-dnsop-dnssec-bootstrapping
Requested revision: No specific revision (document currently at 09)
Type: Early Review
Team: Security Area Directorate (secdir)
Deadline: 2023-07-24
Requested: 2023-06-23
Requested by: Tim Wicinski
Authors: Peter Thomassen, Nils Wisiol
I-D last updated: 2023-07-17
Completed reviews:
- Dnsdir Last Call review of -08 by Scott Rose
- Genart Last Call review of -08 by Peter E. Yee
- Intdir Telechat review of -08 by Benson Muite
- Dnsdir Early review of -05 by Scott Rose
- Secdir Early review of -05 by Linda Dunbar
Comments: Document is close to working group last call, would like to confirm everything

Assignment
Reviewer: Linda Dunbar
State: Completed
Request: Early review on draft-ietf-dnsop-dnssec-bootstrapping by Security Area Directorate Assigned
Posted at: https://mailarchive.ietf.org/arch/msg/secdir/5WJw6RM13OtLQVsw46qmvf5_EN8
Reviewed revision: 05 (document currently at 09)
Result: Has nits
Completed: 2023-07-17
Reviewer: Linda Dunbar
Review result: Ready with some questions

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last-call comments.

Summary:
The document describes the procedure for an in-band method for DNS operators to
publish arbitrary information about the zones. The description is very clear
and has a very clear description of the Security Consideration.

Here are some minor issues with the draft:
- What kind of "arbitrary information about the zones"? Any examples?
- Section 3.2 (Page 6). The first step is not intuitive. Does it mean nothing
needs to be performed if the child is "securely delegated"? How does the
"securely delegated" child publish information?

Thanks, Linda Dunbar