[Last-Call] Secdir last call review of draft-ietf-dnsop-zoneversion-06

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewer: Shawn Emery
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

This draft specifies an extension in DNS for providing zone version information
for the associated query name.  This data allows callers to better correlate
the queried name to a zone version that it belongs, in order to better diagnose
synchronicity issues.

The security considerations section does exist and describes that this EDNS
extension does not protect against an active attacker and therefore should only
be used for diagnostic purposes only.  The section continues, if zone version
information is to protected against an active attacker then the user should use
TSIG (RFC 8945) or SIG(0) (RFC 2931) to authenticate and provide integrity
protection.  In addition, there are no new privacy issues introduced by the new
extension given that version information is already provided publicly.  I agree
with the aforementioned assertions.

General Comments:

What's an unsigned decimal integer vs. unsigned integer?

Editorials Comments:

s/and and/and/
s/correspond do/correspond to the/


-- 
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux