Skip to main content

Last Call Review of draft-ietf-dnsop-negative-trust-anchors-10

Request Review of draft-ietf-dnsop-negative-trust-anchors
Requested revision No specific revision (document currently at 13)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2015-06-23
Requested 2015-06-11
Authors P Ebersman , Warren "Ace" Kumari , Chris Griffiths , Jason Livingood , Ralf Weber
I-D last updated 2015-06-23
Completed reviews Genart Last Call review of -10 by Christer Holmberg (diff)
Genart Telechat review of -11 by Christer Holmberg (diff)
Genart Telechat review of -12 by Christer Holmberg (diff)
Secdir Last Call review of -10 by Yaron Sheffer (diff)
Opsdir Last Call review of -10 by Bert Wijnen (diff)
Assignment Reviewer Bert Wijnen
State Completed Snapshot
Review review-ietf-dnsop-negative-trust-anchors-10-opsdir-lc-wijnen-2015-06-23
Reviewed revision 10 (document currently at 13)
Result Has Nits
Completed 2015-06-23

I did the OPS-DIR review for


Summary: document ready for publication

I think the document explains very well what an NTA is and how to operate/deal with it.

I have not been involved in the creation/evaluation/review of the document up till now.
So the question that I have in my mind may very well have been conmsidered and answered.
The question is about:

   The document in section 2 states that before installing a NTA, ISP (DNS resolver) personal

      Finally, they should make a reasonable attempt to contact the domain owner of the
      misconfigured zone, preferably prior to implementing the Negative Trust Anchor.

So is it often too difficylt to ask the woner to fix the misconfiguration quickly instead of
installing a NTA ???

I see no negative operational impact if the procedures to install/maintain a NTA according
to this document.