Last Call Review of draft-ietf-dnsop-obsolete-dlv-00
review-ietf-dnsop-obsolete-dlv-00-secdir-lc-kelly-2019-10-03-00

Request Review of draft-ietf-dnsop-obsolete-dlv
Requested rev. no specific revision (document currently at 02)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-09-18
Requested 2019-09-04
Authors Matthijs Mekking, Dan Mahoney
Draft last updated 2019-10-03
Completed reviews Secdir Last Call review of -00 by Scott Kelly (diff)
Genart Last Call review of -00 by Meral Shirazipour (diff)
Assignment Reviewer Scott Kelly 
State Completed
Review review-ietf-dnsop-obsolete-dlv-00-secdir-lc-kelly-2019-10-03
Posted at https://mailarchive.ietf.org/arch/msg/secdir/pJkypUiXRfE70sAgZVb_wyc4350
Reviewed rev. 00 (document currently at 02)
Review result Ready
Review completed: 2019-09-26

Review
review-ietf-dnsop-obsolete-dlv-00-secdir-lc-kelly-2019-10-03

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is ready.

From the abstract, this document obsoletes DNSSEC lookaside validation (DLV) and reclassifies RFCs 4431 and 5074 as Historic.

The document lists all current references to DLV RFCs and describes necessary changes to those RFCs. The security considerations basically say that zones relying on DLV will have to find another way, but that there are no well-known DLV registries, so this number will likely be small.

I'm not a DNSSEC expert, so maybe this is a dumb question, but is there any possibility that someone doesn't get the memo, and continues to rely on some not-so-well-known DLV registry? And if so, what could happen as a result? Anything anyone should care about?

Thanks,

Scott