Telechat Review of draft-ietf-dnsop-dnssec-bootstrapping-08
review-ietf-dnsop-dnssec-bootstrapping-08-intdir-telechat-muite-2024-05-12-00

Request Review of draft-ietf-dnsop-dnssec-bootstrapping
Requested revision No specific revision (document currently at 09)
Type Telechat Review
Team Internet Area Directorate (intdir)
Deadline 2024-05-10
Requested 2024-05-01
Requested by Éric Vyncke
Authors Peter Thomassen, Nils Wisiol
I-D last updated 2024-05-12
Completed reviews Dnsdir Last Call review of -08 by Scott Rose (diff)
Genart Last Call review of -08 by Peter E. Yee (diff)
Intdir Telechat review of -08 by Benson Muite (diff)
Dnsdir Early review of -05 by Scott Rose (diff)
Secdir Early review of -05 by Linda Dunbar (diff)
Assignment Reviewer Benson Muite
State Completed
Request Telechat review on draft-ietf-dnsop-dnssec-bootstrapping by Internet Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/int-dir/VCoC8tSq33n3AyIaZsswLNklNcg
Reviewed revision 08 (document currently at 09)
Result Ready w/nits
Completed 2024-05-12
I am an assigned INT directorate reviewer for
<draft-ietf-dnsop-dnssec-bootstrapping-08.txt>. These comments were written
primarily for the benefit of the Internet Area Directors. Document editors and
shepherd(s) should treat these comments just like they would treat comments
from any other IETF contributors and resolve them along with any other Last
Call comments that have been received. For more details on the INT Directorate,
see https://datatracker.ietf.org/group/intdir/about/ .

Based on my review, if I was on the IESG I would ballot this document as YES.

SUMMARY:
The draft proposes a mechanism to enable automated initial validation of child
subdomain CDS/CDNSKEY records when an out of bailiwick name server is available
and when the child zone name is not too long.

SUGGESTIONS FOR IMPROVEMENT:

1. May want to minimize number of acronyms in the abstract, for example DS
(Delegation Signer), CDS (Child DS) and CDNSKEY (Child Domain Name System
public key)
2. Too long is not specified though is mentioned in section 4.4 -
could more details be given and do deprecated out of band methods need to be
used in such cases? Any estimates on how often too long names might occur?
3. Will there be a follow on informational best practice document based on
operational experiences?

Benson