Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

DNS Security (DNSSEC) Experiments
RFC 4955

Yes

(Mark Townsley)

No Objection

Lars Eggert

(Bill Fenner)

(Brian Carpenter)

(Cullen Jennings)

(Dan Romascanu)

(David Kessens)

(Jari Arkko)

(Jon Peterson)

(Lisa Dusseault)

(Magnus Westerlund)

(Ross Callon)

(Russ Housley)

(Sam Hartman)

(Ted Hardie)

Note: This ballot was opened for revision 04 and is now closed.

Lars Eggert

(was Discuss) No Objection

Comment (2006-10-11) Unknown

  I was surprised to see this going for PS and not BCP. IMO
  this document describes the best current practice methodology for
  setting up DNSSEC experiments and should go for BCP.

Section 4., paragraph 1:
>    having only unknown algorithm identifiers in the DS records for the
>    delegation to the zone at the parent.

  Nit: expand DS on first use.

Mark Townsley Former IESG member

Yes

Yes () Unknown

Bill Fenner Former IESG member

No Objection

No Objection () Unknown

Brian Carpenter Former IESG member

No Objection

No Objection (2006-10-09) Unknown

Editorial points from Gen-ART review by Francis Dupont,
with author comments.

>> Minor points (they should be fixed by the RFC Editor):
>>  - in 1 page 3: a missing closing parenthesis. I suggest to add the
>>    number of the RFCs too.

Sounds good.

>>  - is "validatable" (in 4 page 7 and 6 page 9) a correct English word?

Er, I guess not :)  I suggest rewording (from 4 on page 7):

  That is, a zone is either in an experiment and only experimentally
  validatable, or it is not.

with

  That is, a zone is either in an experiment and only possible to
  validate experimentally, or it is not.

And suggest rewording (from 6 on page 9):

  For instance, the resolver may look at a non-validatable response and
  conclude that the response is bogus, either due to local policy or
  implementation details.

with

  For instance, the resolver my look at a response that cannot be
  validated and still conclude that the response is bogus, either due to
  local policy or implementation details.


>>  - in 10.2 page 13 reference [6] is obsolete: a new version 03 was
>>    submitted in June.

Cullen Jennings Former IESG member

No Objection

No Objection () Unknown

Dan Romascanu Former IESG member

No Objection

No Objection (2006-10-06) Unknown

Why is this document aimed to be a Proposed Standard and not a BCP?

David Kessens Former IESG member

No Objection

No Objection () Unknown

Jari Arkko Former IESG member

(was Discuss, No Objection) No Objection

No Objection () Unknown

Jon Peterson Former IESG member

No Objection

No Objection () Unknown

Lisa Dusseault Former IESG member

No Objection

No Objection () Unknown

Magnus Westerlund Former IESG member

No Objection

No Objection () Unknown

Ross Callon Former IESG member

No Objection

No Objection () Unknown

Russ Housley Former IESG member

No Objection

No Objection (2006-10-09) Unknown

  Please rename section 6.  A reasonable title might be 
  "Experiment Considerations".

  From the SecDir review by Stefan Santesson:
  
  Section 5 states:
  >
  > Resolvers MUST only recognize the experiment's semantics when
  > present in a zone signed by one or more of these algorithm
  > identifiers.
  >
  Strictly speaking, nothing is signed by an algorithm identifier.
  It seems that the text tries to say:
  >
  > Resolvers MUST only recognize the experiment's semantics when
  > present in a zone signed with one or more algorithms identified
  > by these algorithm identifiers.

Sam Hartman Former IESG member

No Objection

No Objection () Unknown

Ted Hardie Former IESG member

No Objection

No Objection () Unknown

DNS Security (DNSSEC) Experiments RFC 4955

DNS Security (DNSSEC) Experiments
RFC 4955