Reviewer: Matthew Miller Review result: Ready with Nits I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please wait for direction from your document shepherd or AD before posting a new version of the draft. For more information, please see the FAQ at <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. Document: draft-ietf-tls-dnssec-chain-extension-06 Reviewer: Matthew A. Miller Review Date: 2018-02-06 IETF LC End Date: 2018-02-07 IESG Telechat date: 2018-02-08 Summary: This document is ready, with one issue that I think could benefit from some clarification. Major issues: NONE Minor issue: This is more a question, that might warrant some clarification: In 7. Verification, the last paragraph discusses client-side caching of the RRsets. If a client has cached the full RRset chain from TLSA to root RRSIG (and that cache is still viable), is the client still expected to specify the "dnssec_chain" extension? In my reading, that does not seem necessary, and I think it might be worth noting if that is true. Nits/editorial comments: NONE