Skip to main content

Last Call Review of draft-ietf-dprive-xfr-over-tls-09
review-ietf-dprive-xfr-over-tls-09-genart-lc-romascanu-2021-04-17-00

Request Review of draft-ietf-dprive-xfr-over-tls
Requested revision No specific revision (document currently at 12)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2021-04-20
Requested 2021-04-06
Authors Willem Toorop , Sara Dickinson , Shivan Kaul Sahib , Pallavi Aras , Allison Mankin
Draft last updated 2021-04-17
Completed reviews Genart Last Call review of -09 by Dan Romascanu (diff)
Assignment Reviewer Dan Romascanu
State Completed Snapshot
Review review-ietf-dprive-xfr-over-tls-09-genart-lc-romascanu-2021-04-17
Posted at https://mailarchive.ietf.org/arch/msg/gen-art/6gNoARqaS99OEZhUFamKt79lR8A
Reviewed revision 09 (document currently at 12)
Result Ready with Nits
Completed 2021-04-17
review-ietf-dprive-xfr-over-tls-09-genart-lc-romascanu-2021-04-17-00
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-dprive-xfr-over-tls-09
Reviewer: Dan Romascanu
Review Date: 2021-04-17
IETF LC End Date: 2021-04-20
IESG Telechat date: Not scheduled for a telechat

Summary:

Ready with nits.

This document specifies XFR-over-TLS (XoT) i.e. the use of TLS, rather than
clear text, to prevent zone content collection via passive monitoring of DNS
zone transfers. This is a very clear and well-written document. I had to do
further reading to understand some of the specified or referred concepts and
mechanisms, but after doing it all aligned nicely. I especially appreciate the
inclusion and level of detail of Section 7 which explains the updates to the
existing specifications, including the RFCs updated by this document and
clarifies the issues of backwards compatibility. There are a few nits that I
suggest to address before publication.

Major issues:

Minor issues:

Nits/editorial comments:

1. In Section 3:

> XoT: Generic XFR-over-TLS mechanisms as specified in this document

What does 'Generic' mean here? Are there also non-generic / specific mechanisms
similar to XoT that should be referenced? If not, consider dropping 'Generic'

2. In Section 5 there are two Design Considerations labelled both Performance.
Is this the intent? If yes, maybe they should be grouped together. If not maybe
at least one of the name may be changed.

3. Should not the fact that implementations MUST use TLS 1.3 or higher, which
is specified in Section 8.1, be also mentioned in the Introduction?

4. Section 9 uses in one instance the term 'multi-master'. Can an alternative
term be considered, taking into account the work summarized in I-Ds such as
https://datatracker.ietf.org/doc/draft-knodel-terminology/?

5. I assume that Section 20 - Changelog will be removed before publication