Re: [Last-Call] [dnsdir] Dnsdir last call review of draft-ietf-lamps-caa-issuemail-04

Corey,

On Wed, Jul 5, 2023 at 2:47 PM Corey Bonnell via dnsdir <dnsdir@xxxxxxxx> wrote:
> Hi Tim,
> Thank you for your review. Comments inline.
>
> > This is a very minor nit, but when I was validating the ABNF, I realized the proper order should have these two first
>
> My preference would be to keep the grammar as-is, for two reasons:
>
> 1. The current grammar is identical to that in RFC 8659 and reordering them would introduce a deviation between the two documents.
> 2. While entirely reasonable that production rules should be defined prior to being used, I don't believe that RFC 5234 provides any guidance regarding the relative ordering of production rules.

No, this makes sense; I did not look at 8659, so bad on me.  I also was thinking I should just hack up 'bap' to not throw the errors.

> However, I'd be happy to change the ordering if there are strong feelings that this should be changed.
>
> >    malformed.client.example     CAA 0 issuemail "authority.example; %%%%%"
> > If I read this correctly, the entire record is ignored.  Is this true?
>
> The record isn't ignored, but rather treated as if it contains an empty issuer-domain-name. In the absence of any other issuemail records in the RRSet, this would be interpreted as a prohibition on issuance.

Okay, so if the CA fails to parse any part of a record, the issuer-domain-name is set to be the empty string (for that CAA record).

Thanks, and going over the text again also shows that.
Then we should be good.

thanks

tim

> Thanks,
> Corey

-----Original Message-----
From: Tim Wicinski via Datatracker <noreply@xxxxxxxx>
Sent: Saturday, July 1, 2023 5:51 PM
To: dnsdir@xxxxxxxx
Cc: draft-ietf-lamps-caa-issuemail.all@xxxxxxxx; last-call@xxxxxxxx; spasm@xxxxxxxx
Subject: Dnsdir last call review of draft-ietf-lamps-caa-issuemail-04

Reviewer: Tim Wicinski
Review result: Ready with Nits



I have been selected as the DNS Directorate reviewer for this draft. The DNS Directorate seeks to review all DNS or DNS-related drafts as they pass through IETF last call and IESG review, and sometimes on special request. The purpose of the review is to provide assistance to the ADs.
For more information about the DNS Directorate, please see https://wiki.ietf.org/en/group/dnsdir


I find the document well written, and easy to understand.  I have a few minor nits.


This is a very minor nit, but when I was validating the ABNF, I realized the proper order should have these two first:

    label = (ALPHA / DIGIT) *( *("-") (ALPHA / DIGIT))

    issuer-domain-name = label *("." label)

Like I said, very minor. (according to bap)



A question on malformed parameters (Section 4):
The text says this:

   However, parameters that do not conform to the ABNF syntax as defined
   in Section 3 will result in the issuemail-value being not conformant
   with the ABNF syntax.  As stated above, a Property whose issuemail-
   value is malformed SHALL be treated as if the issuer-domain-name in
   the issuemail-value is the empty string.

And you have this example of a malformed property.

   malformed.client.example     CAA 0 issuemail "%%%%%"


But what happens if this is the record?

   malformed.client.example     CAA 0 issuemail "authority.example; %%%%%"

If I read this correctly, the entire record is ignored.  Is this true?



--
dnsdir mailing list
dnsdir@xxxxxxxx
https://www.ietf.org/mailman/listinfo/dnsdir
-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
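
The malformed-value rule discussed in this thread, as an added example that is not part of the original messages or of the draft: a Python sketch that checks an issuemail-value against the grammar and falls back to an empty issuer-domain-name when any part fails to parse. The rules beyond `label` and `issuer-domain-name` are taken from RFC 8659 rather than from this thread; the function names are hypothetical, and treating an RRset with no issuemail records as unrestricted is an assumption.

```python
import re

# Only `label` and `issuer-domain-name` are quoted in the thread; the
# remaining rules are assumed from the RFC 8659 issue-value grammar.
WSP = r"[ \t]*"
LABEL = r"[A-Za-z0-9](?:-*[A-Za-z0-9])*"
DOMAIN = rf"{LABEL}(?:\.{LABEL})*"
PARAM = rf"{LABEL}{WSP}={WSP}[\x21-\x3A\x3C-\x7E]*"   # tag "=" value
PARAMS = rf"{PARAM}(?:{WSP};{WSP}{PARAM})*"
ISSUEMAIL_VALUE = re.compile(
    rf"{WSP}(?:(?P<domain>{DOMAIN}){WSP})?(?:;{WSP}(?:{PARAMS}{WSP})?)?"
)


def issuer_domain_name(value: str) -> str:
    """Return the issuer-domain-name of one issuemail-value.

    A value that does not match the grammar as a whole is malformed and is
    treated as if its issuer-domain-name were the empty string, even when
    the leading domain on its own would have parsed.
    """
    match = ISSUEMAIL_VALUE.fullmatch(value)
    if match is None:
        return ""
    return (match.group("domain") or "").lower()


def may_issue(issuemail_values, ca_domain: str) -> bool:
    """Decide whether the CA identified by ca_domain may issue.

    issuemail_values holds the issuemail property values of the relevant
    RRset (hypothetical input shape for this example).
    """
    ca = ca_domain.lower()
    if not ca:
        raise ValueError("CA identifier must be non-empty")
    if not issuemail_values:
        return True  # assumption: no issuemail records, no restriction
    return any(issuer_domain_name(v) == ca for v in issuemail_values)


# The two record values from the thread, plus one constructed well-formed value.
SAMPLES = ["%%%%%", "authority.example; %%%%%", "authority.example; account=123"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", repr(issuer_domain_name(sample)))
```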
