Dear colleagues,
I have read draft-ietf-dnsop-5966bis-01. I have some comments.
To begin with, I must say that the draft is in really very good shape
and I think it is more or less ready to ship. Good work. I support the
document and believe it should be published as an RFC once a couple
small issues are addressed:
In section 5, there's "In essence, TCP SHOULD be considered as valid a
transport as UDP." I don't think that's a 2119 SHOULD. It's just an
aspirational statement, really.
In section 6, there's this:
The server MUST NOT enforce these rules for a particular
client because it does not know if the client IP address belongs to a
single client or is, for example, multiple clients behind NAT.
I don't think that MUST NOT is reasonable. I could accept SHOULD NOT,
I suppose. This topic looks to me like operational policy, and an
operator could easily decide to enforce such a limit in case (for
instance) that it knows that there are no NATs of the sort in question
in the network in question. Mostly I think this just wants a big fat
warning that if you _do_ create such limits, NATs may be broken in
surprising ways, which is a good reason not to do that.
Best regards,
A
--
Andrew Sullivan
[email protected]
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop