Early Review of draft-ietf-dnsop-ns-revalidation-04
review-ietf-dnsop-ns-revalidation-04-dnsdir-early-gieben-2023-07-30-00
Request | Review of | draft-ietf-dnsop-ns-revalidation |
---|---|---|
Requested revision | No specific revision (document currently at 07) | |
Type | Early Review | |
Team | DNS Directorate (dnsdir) | |
Deadline | 2023-07-31 | |
Requested | 2023-07-04 | |
Requested by | Tim Wicinski | |
Authors | Shumon Huque , Paul A. Vixie , Willem Toorop | |
I-D last updated | 2023-07-30 | |
Completed reviews |
Dnsdir Early review of -04
by R. (Miek) Gieben
(diff)
|
|
Assignment | Reviewer | R. (Miek) Gieben |
State | Completed | |
Request | Early review on draft-ietf-dnsop-ns-revalidation by DNS Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/dnsdir/SC9XLHtZ7KKNt48MNuIMUTZ7NTM | |
Reviewed revision | 04 (document currently at 07) | |
Result | On the right track | |
Completed | 2023-07-30 |
review-ietf-dnsop-ns-revalidation-04-dnsdir-early-gieben-2023-07-30-00
Hi all, This is the dnsdir (early) review for https://datatracker.ietf.org/doc/draft-ietf-dnsop-ns-revalidation/ version 04. I've found the document clear in explaining why "Upgrading NS RRset Credibility" and "Delegation Revalidation" are needed. However when reading Section 3, I feel that this is an explanation of an algorithm and should use RFC 2119 keywords and be more precise. One of the main things I would like to see some text about is what if you _do_ get a response from the child that does have NS records in the auth section? Have you then sent the validation queries for nothing? Or is this indented for intermediate nameservers (only)? To a lesser extent this also hold true for Section 4, but algorithm is some what simpler there. The Security Considerations section reads a bit like a mini summery of the document because it duplicates things from Section 2 (Motivation). I think the entire text from Section 6 could be folded into Section 2 (and insofar it's not already in there). Or say something like "this entire document deals with the security of .....". Small nit: section 3 currently is just a set of bullet points which looks a bit odd. Kind regards, Miek