Last Call Review of draft-ietf-dprive-unilateral-probing-12
review-ietf-dprive-unilateral-probing-12-artart-lc-gondwana-2023-09-07-00

Request: Review of draft-ietf-dprive-unilateral-probing
Requested revision: No specific revision (document currently at 13)
Type: Last Call Review
Team: ART Area Review Team (artart)
Deadline: 2023-08-28
Requested: 2023-08-07
Authors: Daniel Kahn Gillmor, Joey Salazar, Paul E. Hoffman
I-D last updated: 2023-09-07
Completed reviews:
  Dnsdir Last Call review of -10 by Florian Obser
  Dnsdir Last Call review of -11 by Florian Obser
  Artart Last Call review of -12 by Bron Gondwana
  Opsdir Last Call review of -11 by Dhruv Dhody
  Intdir Telechat review of -12 by Tommy Pauly
  Dnsdir Telechat review of -12 by Florian Obser
  Dnsdir Early review of -09 by Florian Obser
  Intdir Early review of -06 by Haoyu Song
  Secdir Early review of -07 by Rich Salz
Assignment: Reviewer Bron Gondwana
State: Completed
Request: Last Call review on draft-ietf-dprive-unilateral-probing by ART Area Review Team (Assigned)
Posted at: https://mailarchive.ietf.org/arch/msg/art/R6IORBQjJI4oZteiMhRa5OcBwMg
Reviewed revision: 12 (document currently at 13)
Result: Ready w/nits
Completed: 2023-09-07
I am the ARTART reviewer for this document.  Apologies for the delay in sending
my review.

I found it very well written and easy to follow.  It's clear why this guidance
is being written, and it's clear to me how to implement it.

My only concern is that it does fall back very easily to cleartext, for a long
damping period.  As a protocol implementer myself, I would generally expect to
retry something one or two more times over the course of a few minutes before
giving up entirely for 24h, since the server at the other end may have just
been restarting and either dropped an existing connection or rejected a SYN
packet, but be ready a moment later.  I'd be happy with a limit of something
like 5 tries over 2 minutes (one every 30 seconds) before giving up.

Thanks again for this document, and I look forward to my DNS being slightly
safer in future.
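The retry-before-damping schedule the reviewer suggests (a handful of probe attempts spaced 30 seconds apart before falling back to cleartext for 24 hours) is easy to get subtly wrong in a per-server state table, so here is an added worked example of such a tracker. This is illustrative code written for this page; it is not from the draft, the reviewer, or any resolver implementation. The constants follow the review's numbers; the server address, the state layout and the choice to keep answering over cleartext while a retry is pending are assumptions.

```python
"""Per-server probe scheduler: bounded retries, then a long damping period.

Added example, not code from draft-ietf-dprive-unilateral-probing or from
the review. The 5 / 30 s / 24 h values are the reviewer's suggestion; the
behaviour between retries (serve cleartext, probe again later) is assumed.
"""
from dataclasses import dataclass
from typing import Dict

MAX_TRIES = 5                   # probes allowed before giving up
RETRY_INTERVAL = 30.0           # seconds between consecutive probes
DAMPING_PERIOD = 24 * 60 * 60   # seconds on cleartext after giving up


@dataclass
class ProbeState:
    failures: int = 0            # consecutive failed encrypted probes
    next_probe_at: float = 0.0   # earliest time another probe is permitted
    damped_until: float = 0.0    # while now < damped_until, no probing at all


class ProbeTracker:
    """Decides, per server, whether an encrypted probe should be tried now."""

    def __init__(self, max_tries: int = MAX_TRIES,
                 retry_interval: float = RETRY_INTERVAL,
                 damping_period: float = DAMPING_PERIOD) -> None:
        self.max_tries = max_tries
        self.retry_interval = retry_interval
        self.damping_period = damping_period
        self._state: Dict[str, ProbeState] = {}

    def _get(self, server: str) -> ProbeState:
        return self._state.setdefault(server, ProbeState())

    def in_damping(self, server: str, now: float) -> bool:
        """True while the server is parked on cleartext after repeated failures."""
        return now < self._get(server).damped_until

    def should_probe(self, server: str, now: float) -> bool:
        """True if an encrypted probe may be attempted at time `now`.
        A False here means: answer this query over cleartext and wait."""
        st = self._get(server)
        return not (now < st.damped_until or now < st.next_probe_at)

    def record_success(self, server: str, now: float) -> None:
        """A working encrypted connection clears all failure state."""
        self._state[server] = ProbeState()

    def record_failure(self, server: str, now: float) -> ProbeState:
        """Count a failed probe; schedule a short retry or a long damping."""
        st = self._get(server)
        st.failures += 1
        if st.failures >= self.max_tries:
            # Give up: stay on cleartext for the whole damping period.
            st.damped_until = now + self.damping_period
            st.next_probe_at = st.damped_until
            st.failures = 0          # fresh budget once damping expires
        else:
            # Transient failure (e.g. server restarting): retry shortly.
            st.next_probe_at = now + self.retry_interval
        return st


def run_failure_sequence(tracker: ProbeTracker, server: str,
                         fail_times: list) -> ProbeState:
    """Feed a series of probe failures at the given timestamps (constructed
    sample input) and return the resulting state for inspection."""
    st = None
    for t in fail_times:
        st = tracker.record_failure(server, t)
    return st
```

Constructing the tracker with `max_tries=1` reproduces the "fall back on the first failure" behaviour the reviewer is uneasy about, which makes it simple to compare both policies against the same sequence of simulated failures.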