Last Call Review of draft-ietf-dnsop-negative-trust-anchors-10
review-ietf-dnsop-negative-trust-anchors-10-opsdir-lc-wijnen-2015-06-23-00

Request Review of draft-ietf-dnsop-negative-trust-anchors
Requested rev. no specific revision (document currently at 13)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2015-06-23
Requested 2015-06-11
Authors Ebersman P, Warren Kumari, Chris Griffiths, Jason Livingood, Ralf Weber
Draft last updated 2015-06-23
Completed reviews Genart Last Call review of -10 by Christer Holmberg
Genart Telechat review of -11 by Christer Holmberg
Genart Telechat review of -12 by Christer Holmberg
Secdir Last Call review of -10 by Yaron Sheffer
Opsdir Last Call review of -10 by Bert Wijnen
Assignment Reviewer Bert Wijnen
State Completed
Review review-ietf-dnsop-negative-trust-anchors-10-opsdir-lc-wijnen-2015-06-23
Reviewed rev. 10 (document currently at 13)
Review result Has Nits
Review completed: 2015-06-23

Review

Hi,

I did the OPS-DIR review for

    draft-ietf-dnsop-negative-trust-anchors-10.txt


Summary: document ready for publication

I think the document explains very well what an NTA is and how to operate/deal with it.

I have not been involved in the creation/evaluation/review of the document up till now.
So the question that I have in my mind may very well have been considered and answered.
The question is about:

   The document in section 2 states that before installing an NTA, ISP (DNS resolver) personnel
   should:

      Finally, they should make a reasonable attempt to contact the domain owner of the
      misconfigured zone, preferably prior to implementing the Negative Trust Anchor.

So is it often too difficult to ask the owner to fix the misconfiguration quickly instead of
installing an NTA ???

I see no negative operational impact if the procedures to install/maintain an NTA according
to this document.

Bert