Skip to main content

Last Call Review of draft-ietf-dnsop-qname-minimisation-07
review-ietf-dnsop-qname-minimisation-07-secdir-lc-emery-2015-12-03-00

Request Review of draft-ietf-dnsop-qname-minimisation
Requested revision No specific revision (document currently at 09)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-11-23
Requested 2015-11-12
Authors St├ęphane Bortzmeyer
I-D last updated 2015-12-03
Completed reviews Genart Last Call review of -07 by Ralph Droms (diff)
Genart Telechat review of -08 by Ralph Droms (diff)
Secdir Last Call review of -07 by Shawn M Emery (diff)
Opsdir Last Call review of -07 by Warren "Ace" Kumari (diff)
Assignment Reviewer Shawn M Emery
State Completed
Request Last Call review on draft-ietf-dnsop-qname-minimisation by Security Area Directorate Assigned
Reviewed revision 07 (document currently at 09)
Result Has nits
Completed 2015-12-03
review-ietf-dnsop-qname-minimisation-07-secdir-lc-emery-2015-12-03-00
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies a technique to increase privacy in unencrypted DNS
traffic by not specifying a full domain name to the upstream name server.

The security considerations section does exist and does relent that encryption
would be a better form of privacy, but would require more coordination.  The
section also discloses that this protocol does not help in the case of
recursive resolvers.  I believe that the draft sufficiently describes the
limitations of the QNAME minimization method as specified.

General comments:

None.

Editorial comments:

Should QNAME be initially expanded/defined?
s/therefore do not give/therefore not give/
s/improving performances/improving performance/

Shawn.
--