Secdir telechat review of draft-ietf-dnssd-push-19

Reviewer: Liang Xia
Review result: Has Issues

Nit:
1. Section 6.1, s/This connection is made to TCP port 853, the default port for
   DNS-over-TLS DNS over TLS [RFC7858]./This connection is made to TCP port 853,
   the default port for DNS-over-TLS [RFC7858]./
2. Table 2, RECONFIRM should be C-U TLV type.

Comments:
1. Why are UNSUBSCRIBE and RECONFIRM client unidirectional messages?
2. In the UNSUBSCRIBE message, why do you choose to use the SUBSCRIBE MESSAGE ID,
   not NAME+TYPE+CLASS?
3. In the Security Considerations section:
    1) you should also mention that TLS provides the anti-replay protection
       service for DNS Push;
    2) maybe you need to consider client authentication to achieve policy
       control and detect illegal clients;
    3) the TLS WG is specifying the SNI encryption mechanism; will it influence
       your TLS name authentication?



