Last Call Review of draft-ietf-lamps-rfc6844bis-06
review-ietf-lamps-rfc6844bis-06-genart-lc-yee-2019-05-15-00

Request Review of draft-ietf-lamps-rfc6844bis
Requested revision No specific revision (document currently at 07)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2019-05-08
Requested 2019-04-24
Authors Phillip Hallam-Baker, Rob Stradling, Jacob Hoffman-Andrews
I-D last updated 2019-05-15
Completed reviews Genart Last Call review of -06 by Peter E. Yee
Secdir Last Call review of -06 by Stefan Santesson
Opsdir Telechat review of -06 by Qin Wu
Assignment Reviewer Peter E. Yee
State Completed
Request Last Call review on draft-ietf-lamps-rfc6844bis by General Area Review Team (Gen-ART) Assigned
Posted at https://mailarchive.ietf.org/arch/msg/gen-art/BKK6BbfZtMEw09xEDRH2hIWeKlw
Reviewed revision 06 (document currently at 07)
Result Ready w/issues
Completed 2019-05-15
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-lamps-rfc6844bis-06
Reviewer: Peter Yee
Review Date: 2019-05-15
IETF LC End Date: 2019-05-08
IESG Telechat date: Not scheduled for a telechat

Summary: Ready with Issues.  This draft is an update to RFC 6844 dealing with
the CAA RR used to notify CAs as to which CA(s) are allowed to issue
certificates for a particular domain.  The issues and nits I note are rather
minor.  Apologies for the lateness of this review.

Major issues:

Minor issues:

Page 10, 2nd paragraph: the appearance of "sub.wild.example.com" presupposes
that there was no other RRset that matched sub.wild.example.com (or a "deeper"
domain name) already.  That assumption should be noted in this paragraph.

Page 13, section 5.6: a little context should be given here.  This abuse is
only plausible if the domain owner is being given the RRset data by the CA
rather than generating that data itself.

Nits/editorial comments:

Page 5, 1st partial paragraph: change "with" to "within".

Page 5, 1st full paragraph: regarding the reference to Section 4, shouldn't
this actually be Section 3?

Page 8, definition of "Value", 2nd sentence: delete redundant "the".

Page 15, 1st partial paragraph, 1st partial sentence: change "use" to "used".

Page 15, section 7, 2nd paragraph: is there a reference available for the term
"WebPKI"?

Page 15, section 7, 3rd paragraph, 1st sentence: insert "the" before "issue".