Last Call Review of draft-ietf-dnsop-nxdomain-cut-03
review-ietf-dnsop-nxdomain-cut-03-secdir-lc-montville-2016-07-28-00
| Request | Review of | draft-ietf-dnsop-nxdomain-cut |
|---|---|---|
| Requested revision | No specific revision (document currently at 05) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2016-07-29 | |
| Requested | 2016-07-21 | |
| Authors | Stéphane Bortzmeyer , Shumon Huque | |
| I-D last updated | 2016-07-28 | |
| Completed reviews |
Genart Last Call review of -03
by Meral Shirazipour
(diff)
Genart Telechat review of -04 by Meral Shirazipour (diff) Secdir Last Call review of -03 by Adam W. Montville (diff) Opsdir Last Call review of -03 by Sheng Jiang (diff) |
|
| Assignment | Reviewer | Adam W. Montville |
| State | Completed | |
| Request | Last Call review on draft-ietf-dnsop-nxdomain-cut by Security Area Directorate Assigned | |
| Reviewed revision | 03 (document currently at 05) | |
| Result | Ready | |
| Completed | 2016-07-28 |
review-ietf-dnsop-nxdomain-cut-03-secdir-lc-montville-2016-07-28-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document is: Ready This document explains the reasoning behind, and advantages of, NXDOMAIN cut—a method of ensuring that non-existence of a node in the domain name tree implies non-existence of the entire sub-tree. The solution does seem to require DNSSEC, as mentioned in the security considerations section, to avoid certain DOS circumstances (which are already possible, but potentially amplified by NXDOMAIN cut). Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail