[Last-Call] Dnsdir last call review of draft-ietf-uta-rfc6125bis-12

Reviewer: Petr Špaček
Review result: Ready with Nits

Hi,

I was assigned as the dnsdir reviewer for draft-ietf-uta-rfc6125bis-13.

For more information about the DNS Directorate, please see
https://wiki.ietf.org/en/group/dnsdir

It seems that a couple of fixes for nits pointed out and agreed to (I believe) in
the previous round of review did not make it into the -13 version.

First, one new typo:
Search for "can is", it should be just "is". Context: "IPv4 address can is a
valid DNS name.".

Three not-yet-fixed nits which I believe we agreed to fix in our previous
e-mail exchange follow:

>   6.3. Matching the DNS Domain Name Portion
> 1.   There is only one wildcard character.
> 2.   The wildcard character appears only as the complete content of the
>      left-most label.
> If the requirements are not met, the presented identifier is invalid and
> MUST be ignored. A wildcard in a presented identifier can only match
> exactly one label in a reference identifier. This specification covers
> only wildcard characters in presented identifiers, not wildcard characters
> in reference identifiers or in DNS domain names more generally. Therefore
> the use of wildcard characters as described herein is not to be confused
> with DNS wildcard matching, where the "*" label always matches at least one
> whole label and sometimes more; see [DNS-CONCEPTS], Section 4.3.3 and
> [DNS-WILDCARDS]. For information regarding the security characteristics of
> wildcard certificates, see Section 7.1.

I recommend adding an explicit statement that the rules given here
_also_ intentionally deviate from RFC 4592 section 2.1.3.

Reasoning: It explicitly mentions deviation from 4.3.3 but a casual reader
might be confused by preceding 2.1.3.

>   6.4. Matching an IP Address Portion
> This document does not specify how an SRV-ID reference identity can include
> an IP address.

I think SRV-ID clearly says it's just a DNS name, so the presented identifier
cannot match an IP address. I think this section should clearly say that IP
addresses cannot match SRV-ID.

> 7.4. IP Addresses

Maybe add a reference to section 3. Designing Application Protocols where this
is discussed (in the last paragraph)?

All the rest was addressed in -13.

Thank you!
Petr Špaček
dnsdir


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
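
The presented-identifier wildcard rules quoted from section 6.3 in the review above, as an added example that is not part of the original e-mail or of the draft. The function name `wildcard_matches` and the sample names in the test are hypothetical, and refusing to label-match an IP-literal reference identifier is this example's own assumption, made because an IPv4 address is syntactically a valid DNS name.

```python
import ipaddress


def _is_ip_literal(name: str) -> bool:
    """True if the string parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def wildcard_matches(presented: str, reference: str) -> bool:
    """Compare a presented DNS name (possibly with a wildcard) to a reference name.

    Implements only the rules quoted from section 6.3:
      1. there is only one wildcard character;
      2. it is the complete content of the left-most label;
      3. the wildcard matches exactly one label of the reference identifier.
    """
    presented = presented.lower().rstrip(".")
    reference = reference.lower().rstrip(".")

    # Assumption of this example: IP-literal references are never compared
    # label by label, otherwise "*.168.1.1" would match "192.168.1.1".
    if _is_ip_literal(reference):
        return False

    p_labels = presented.split(".")
    r_labels = reference.split(".")
    if not all(r_labels):
        return False  # empty label in the reference name

    if "*" not in presented:
        return p_labels == r_labels  # plain case-insensitive comparison

    # Rules 1 and 2: otherwise the presented identifier is invalid and ignored.
    if presented.count("*") != 1 or p_labels[0] != "*":
        return False

    # Rule 3: exactly one label, so the label counts must be equal. This is
    # where it differs from DNS wildcard matching, which can cover several.
    return len(p_labels) == len(r_labels) and p_labels[1:] == r_labels[1:]
```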



