Re: [Last-Call] [dnsdir] Dnsdir last call review of draft-ietf-homenet-front-end-naming-delegation-26

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

[ Top-post ]

Just a very quick note to say "Thank you very much!" to Anthony for this review. This document is relatively long, contains lots of DNS related content, and has had significant number of sizable update — all of which leads to this being a much much larger than normal DNSDIR review load.

Thank you!
W



On Tue, Jan 31, 2023 at 12:30 PM, Anthony Somerset <dnsdir@xxxxxxxx> wrote:

Reviewer: Anthony Somerset
Review result: Ready with Issues

Hello

I have been selected as the DNS Directorate reviewer for this draft. The DNS Directorate seeks to review all DNS or DNS-related drafts as they pass through IETF last call and IESG review, and sometimes on special request. The purpose of the review is to provide assistance to the ADs. For more information about the DNS Directorate, please see https://wiki.ietf.org/en/group/dnsdir

There are are clear and direct references to various DNS RFC's and this draft is not in any major conflict with the wider DNS space but the following specific suggestions relating to DNS are made.

I previously Reviewed Version 18 of this draft and am re-rereviewing in line with the comments I made in that review -
https://datatracker.ietf.org/doc/review-ietf-homenet-front-end-naming-delegation-18-dnsdir-telechat-somerset-2022-10-12/

Having re-read the new version a few times, and keeping track of the various reviews as not to duplicate reports for same issues i will try not say the same things again.

I specifically note that Geoff has done a very definitive review of version 25 of the document and i won't repeat those comments in this review but suffice to say i do concur with the assessment of the situation in his review and agree with the position of Ready with Issues as well

I am happy with the large effort to reflow the document - it does now read in a more sensible order and helps with clarity.

I am also happy with the additional security considerations that make sense.

Major Issues: None

Minor Issues:

Section 2 - Public Authoritative Servers - my original NIT was dealt with but I note that anycast is now referenced here which is still extraneous, we are not attempting to deal with the standard of how Public Authoritative Servers be managed operationally

Section 3 - now Section 5 - i note specifically the comment about:

"In the case the HNA is a CPE, outsourcing to the DOI protects the home network against DDoS for example."

I personally would consider this a dangerously inaccurate statement.

This offers NO protection against a DDoS, at best it (only) slightly reduces the attack surface exposed but it provides no meaningful additional protection.

I specifically repeat this and recommend the statement be removed or re-worded appropriately

Section 3.2 - Original NIT dealt with

1.1 - now 3 - NIT dealt with

3.1 now 5.1 - Typo fixed

4.5.1 - now 6.5.1 - i believe this NIT to be well addressed now, the reflowing of the document definitely helps here.

Thanks

--
dnsdir mailing list
dnsdir@ietf.org
https://www.ietf.org/mailman/listinfo/dnsdir


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux