Early Review of draft-ietf-dnsop-integration-00
review-ietf-dnsop-integration-00-secdir-early-farrell-2025-09-03-00
| Request | |
|---|---|
| Review of | draft-ietf-dnsop-integration |
| Requested revision | No specific revision (document currently at 02) |
| Type | Early Review |
| Team | Security Area Directorate (secdir) |
| Deadline | 2025-09-12 |
| Requested | 2025-07-17 |
| Requested by | Peter Thomassen |
| Authors | Swapneel Sheth, Andrew Kaizer, Bryan Newbold, N. Johnson |
| I-D last updated | 2026-04-07 (Latest revision 2026-04-07) |
| Completed reviews | Secdir Early review of -00 by Stephen Farrell; Artart Early review of -00 by Barry Leiba; Dnsdir Early review of -01 by David C Lawrence |
| Comments | (Apologies for the earlier email, I just learned about this Datatracker capability.) During this draft's Adoption Call, there was some concern about the breadth of review in case mostly DNS people would look at it. Russ Housley therefore had suggested [1] we request an Early Review -- here you are. The review is not particularly urgent, so I put down a date in ~2 months. Thanks! [1]: https://mailarchive.ietf.org/arch/msg/dnsop/0oKiCtGR3IpNIbPjanYl6AVvv1o/ |

| Assignment | |
|---|---|
| Reviewer | Stephen Farrell |
| State | Completed |
| Request | Early review on draft-ietf-dnsop-integration by Security Area Directorate Assigned |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/D2vT7XobOCQAx3_Nw9hF1BHUo1A |
| Reviewed revision | 00 (document currently at 02) |
| Result | Has issues |
| Completed | 2025-09-03 |
The document has issues but I'd guess those'll be fixed as things evolve. (This being an early review.) The main issue I see is scope - I'm not clear what the document's scope is or should be. The text is very general, but the examples discussed seem rather limited, e.g. with no mention of the handling of DNS names in e.g. email, ssh, anti-spam blocklists or things like infrastructure tools like cPanel. Put another way, if the scope is intended to be as broad as the text, then there're a lot more quirks to using DNS names than are in the current text. But perhaps some much more limited scope might be easier to finish and still useful. I'd encourage the authors/WG to consider that. I don't myself have any strong opinion, but I'd say that not fixing this issue might lead to much pain later;-) As a near-nit at this stage, I'd also note that various UTA WG documents discuss handling names in TLS which is a subset of this I guess.