Last Call Review of draft-ietf-dnsop-rfc8624-bis-07
review-ietf-dnsop-rfc8624-bis-07-secdir-lc-nystrom-2025-03-11-00

Request Review of draft-ietf-dnsop-rfc8624-bis
Requested revision No specific revision (document currently at 09)
Type IETF Last Call Review
Team Security Area Directorate (secdir)
Deadline 2025-03-06
Requested 2025-02-20
Authors Wes Hardaker, Warren Kumari
I-D last updated 2025-04-03 (Latest revision 2025-04-03)
Completed reviews Dnsdir IETF Last Call review of -06 by Nicolai Leymann (diff)
Artart IETF Last Call review of -06 by Barry Leiba (diff)
Secdir IETF Last Call review of -07 by Magnus Nyström (diff)
Genart IETF Last Call review of -07 by Gyan Mishra (diff)
Dnsdir IETF Last Call review of -07 by Ted Lemon (diff)
Opsdir IETF Last Call review of -09 by Nabeel Cocker
Dnsdir Telechat review of -09 by Nicolai Leymann
Secdir Telechat review of -09 by Magnus Nyström
Assignment Reviewer Magnus Nyström
State Completed
Request IETF Last Call review on draft-ietf-dnsop-rfc8624-bis by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/Z6zGdwL_gr9CZvun8ioRdheRIk0
Reviewed revision 07 (document currently at 09)
Result Has issues
Completed 2025-03-11
1. Section 2 states "Domain Security Algorithm Numbers" as a new registry.
   However, the text only refers to a "DNS System Algorithm Numbers" registry.
   Are these intended to be the same?

2. Section 2 states "Adding a new entry to the "DNS System Algorithm Numbers"
   registry ... is via the "Specification Required" policy" - would it not be
   clearer to state: "Adding a new entry to the "DNS System Algorithm Numbers"
   registry ... SHALL follow the "Specification Required" policy"?

3. Section 2. Same as for item 2 but for the Digest paragraph.

4. Also in Section 2, I do not understand "Use for columns was also set to the
   same values from [RFC8624], as there is no existing documented values and
   general interpretation of the registries to date indicate they should be
   the same, although may differ in the future" - besides the grammar errors
   here, how can you set to the "same" values if there is [sic] no existing
   documented values?

5. Section 3. Title name for registry does not match the registry's name in
   Section 2's table.

6. Section 5. Second paragraph seems superfluous as this document is not about
   management of keys, systems, etc.

7. Section 6. "Therefore, algorithm deprecation must be done very slowly and
   only after careful consideration and measurement of its use" - better to
   write "Therefore, algorithm deprecation must be done only after careful
   consideration" - if an algorithm is demonstrably broken, then it is worse
   to allow its continued use than being explicit about the zone not being
   secure. "Very slowly" is also indeterminate.