Telechat Review of draft-ietf-tls-dnssec-chain-extension-06
review-ietf-tls-dnssec-chain-extension-06-genart-telechat-miller-2018-02-06-00

Request Review of draft-ietf-tls-dnssec-chain-extension
Requested revision No specific revision (document currently at 07)
Type Telechat Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2018-02-06
Requested 2018-01-25
Authors Melinda Shore , Richard Barnes , Shumon Huque , Willem Toorop
I-D last updated 2018-02-06
Completed reviews Genart Telechat review of -06 by Matthew A. Miller (diff)
Assignment Reviewer Matthew A. Miller
State Completed
Request Telechat review on draft-ietf-tls-dnssec-chain-extension by General Area Review Team (Gen-ART) Assigned
Reviewed revision 06 (document currently at 07)
Result Ready w/nits
Completed 2018-02-06
review-ietf-tls-dnssec-chain-extension-06-genart-telechat-miller-2018-02-06-00
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-tls-dnssec-chain-extension-06
Reviewer: Matthew A. Miller
Review Date: 2018-02-06
IETF LC End Date: 2018-02-07
IESG Telechat date: 2018-02-08

Summary:

This document is ready, with one issue that I think could benefit
from some clarification.

Major issues:

NONE

Minor issue:

This is more a question, that might warrant some clarification:
In 7. Verification, the last paragraph discusses client-side
caching of the RRsets. If a client has cached the full RRset chain
from TLSA to root RRSIG (and that cache is still viable), is the
client still expected to specify the "dnssec_chain" extension?

In my reading, that does not seem necessary, and I think it might
be worth noting if that is true.

Nits/editorial comments: 

NONE