I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comment. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq> (Actually, I'm tardy on this review. It inexplicably dropped off my radar. So deal with these comments when you get around to handling Telechat input or AUTH48 or whenever it suits you! I'm still posting this review as it will be needed come the Telechat.) Document: draft-ietf-dnsop-cookies-08 Reviewer: Peter Yee Review Date: December 24, 2015 IETF LC End Date: December 14, 2015 IESG Telechat date: TBD Summary: This draft is basically ready for publication, but has nits that should be fixed before publication. [Ready with nits] The draft provides a lightweight means to increase the difficulty of certain DNS attacks by off-path attackers, but it isn't designed to be the be all and end all of DNS security. It can be deployed incrementally. Major issues: None Minor issues: Page 14, Section 5.2.4, 1st paragraph, 1st sentence: It might be useful to mention what the examination entails as it would help in understanding the 3rd sentence in the paragraph. There's an implied recalculation of the Server Cookie value based on the received Client Cookie and client IP address as opposed to a simple lookup of the received value. Nits: Page 12, Section 5.2, 3rd paragraph, 1st sentence: change "the the" to just "the". Page 13, Section 5.2.2, 2nd paragraph: append "bytes" after "40". Page 14, Section 5.2.4, 1st paragraph, 2nd sentence: delete the sentence. It's redundant with the 1st sentence. Page 15, Section 5.4, 2nd paragraph, 1st sentence: change first "a" to "an". Page 15, Section 5.4, 4th paragraph, 1st sentence: change first "a" to "an". Page 17, Section 6, 1st paragraph, 2nd sentence: change "indefinitely" to "indefinite". Page 21, Section 9, 2nd paragraph, 2nd sentence: change "WPAv2" to "WPA2" (the Wi-Fi Alliance's term). Page 23, Section 10: change "a" to "an". Page 27, Section A.1, 1st sentence: change "An" to "A". Page 29, 1st partial sentence: if you're going to drop beta earlier in the section, you might as well give the BIND version number here as well. It's no longer apparent that a beta version was involved.