Last Call Review of draft-ietf-dprive-xfr-over-tls-09

Request Review of draft-ietf-dprive-xfr-over-tls
Requested rev. no specific revision (document currently at 11)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2021-04-20
Requested 2021-04-06
Authors Willem Toorop, Sara Dickinson, Shivan Sahib, Pallavi Aras, Allison Mankin
Draft last updated 2021-04-17
Completed reviews Genart Last Call review of -09 by Dan Romascanu
Assignment Reviewer Dan Romascanu
State Completed
Review review-ietf-dprive-xfr-over-tls-09-genart-lc-romascanu-2021-04-17
Posted at
Reviewed rev. 09 (document currently at 11)
Review result Ready with Nits
Review completed: 2021-04-17


I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-dprive-xfr-over-tls-09
Reviewer: Dan Romascanu
Review Date: 2021-04-17
IETF LC End Date: 2021-04-20
IESG Telechat date: Not scheduled for a telechat


Ready with nits.

This document specifies XFR-over-TLS (XoT), i.e., the use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of DNS zone transfers. This is a very clear and well-written document. I had to do further reading to understand some of the specified or referenced concepts and mechanisms, but after doing so it all aligned nicely. I especially appreciate the inclusion and level of detail of Section 7, which explains the updates to the existing specifications, including the RFCs updated by this document, and clarifies the issues of backwards compatibility. There are a few nits that I suggest addressing before publication.

Major issues:

Minor issues:

Nits/editorial comments:

1. In Section 3:

> XoT: Generic XFR-over-TLS mechanisms as specified in this document

What does 'Generic' mean here? Are there also non-generic / specific mechanisms similar to XoT that should be referenced? If not, consider dropping 'Generic'.

2. In Section 5 there are two Design Considerations both labelled Performance. Is this the intent? If yes, maybe they should be grouped together. If not, maybe at least one of the names may be changed.

3. Should not the fact that implementations MUST use TLS 1.3 or higher, which is specified in Section 8.1, also be mentioned in the Introduction?

4. Section 9 uses in one instance the term 'multi-master'. Can an alternative term be considered, taking into account the work summarized in I-Ds such as

5. I assume that Section 20 - Changelog will be removed before publication.