Hello Paul.
First off, this is an RSSAC document so it is not clear why you think someone
from the root operator community should do the copy editing.
> The paragraph at the end of section 1 (the "isn't really 2119 language" text)
> is quite cute and will cause you a world of pain and delay. You have
> de-capped everything, so remove the paragraph. (Unless you're just trying to
> make John Klensin even grumpier, which is also quite cute but will also cause
> you a world of pain and delay).
IETF tools complains when that text is removed. Will see if there is a clean
way around it.
> The intro to section 3 says:
> The servers need both physical and protocol security as well as
> unambiguous authentication of their responses. Physical security focuses
> on the machines and their locations, Protocol security and response
> authentication are covered by Internet Protocol standards.
> However, there are three subsections, the middle being "network security".
> Further, much of the protocol security is covered by transport layer
> security, not IP security. Proposed new wording:
> The servers need to be protected by physical and protocol security for
> their administration and communications. They also need to be protected
> by network security to reduce their vulnerability to attack. Physical
> security focuses on the machines and their locations, network security
> focuses on the way that the root servers are connected to the Internet,
> and protocol security focuses on administrative communication with the
> servers as well as integrity protection for the messages from the
> servers to the public.
Going back to the document to see which parts you quoted and which were your
suggested changes. Will fold in the intent of your suggestion.
> The text in 3.2.5 doesn't make sense. NTP can't be on the list if the
> operator is expected to get time updates "in as secure manner as possible". A
> proposed rewording would be to just remove that phrase because you describe
> what operationally is needed to use NTP in a non-crypto secure manner.
or ... update the text to describe secure NTP - which is not uniformly used.
or the use of local "clocks".
> For the author reference, consider adding the URL
> <http://www.root-servers.org/>, given that mail to the address listed will
> often be automatically lost. (Bonus points for updating that page to
> eliminate the decade-old presentations and just leave the news!)
Again, this is an RSSAC work product, not just root-operators. And the URL
listed is not uniformly used by all operators, so will likely just leave
it as RSSAC. That said, if URLs are accepted in author references (and I have
to admit not seeing that used previously) then a link to the RSSAC page might
be in order.
>
> --Paul Hoffman
>
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop