Stephen Farrell has entered the following ballot position for
draft-ietf-dnsop-edns-chain-query-06: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-edns-chain-query/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------



- In section 3 you promised me privacy considerations in section
8 but I didn't find any there. That was almost a DISCUSS, but
since fixing it is easy and I assume won't be controversial I
can stick with a YES ballot:-)

- I would suggest that you do note in section 8, that the fqdn
in the CHAIN option could allow an attacker to (re-)identify a
client. E.g. if the attacker sees that you have validated
tetbed.ie before, that could single you out, even if you have
changed your n/w, client IP address etc. Presumably that would
be a relatively long lasting concern as well, as RRSIG expiry
tends to be weeks ahead. I think just noting that and maybe
saying that DPRIVE is a likely mitigation would be a good thing
to do.


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
