On Mon, Mar 27, 2017 at 10:16 AM, Daniel Migault <[email protected]> wrote:

> Hi,
>
> Please find an update of our draft on requirements for DNSSEC resolver.
>
> DNS resolvers hardly enable DNSSEC as 1) resolvers are not robust to DNS
> authoritative operations – like KSK roll over, signing errors…. – and 2)
> network administrators have little control on these resolvers to recover
> such situations.
>
> The draft describes how invalid DNSSEC related RRsets may be considered by
> the resolver. The listed requirements aim at designing mechanisms as well
> as interactions with network managers can easily solve/avoid these
> situations. Such mechanisms are expected to encourage DNSSEC deployment on
> resolvers.
>
> Yours,
> Daniel
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Monday, March 27, 2017 9:13 AM
> To: Edward Lewis <[email protected]>; Daniel Migault <[email protected]>; Dan York <[email protected]>; [email protected] <[email protected]>
> Subject: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-04.txt
>
> A new version of I-D, draft-mglt-dnsop-dnssec-validator-requirements-04.txt
> has been successfully submitted by Daniel Migault and posted to the IETF
> repository.
>
> Name: draft-mglt-dnsop-dnssec-validator-requirements
> Revision: 04
> Title: DNSSEC Validators Requirements
> Document date: 2017-03-27
> Group: Individual Submission
> Pages: 10
> URL: https://www.ietf.org/internet-drafts/draft-mglt-dnsop-dnssec-validator-requirements-04.txt
> Status: https://datatracker.ietf.org/doc/draft-mglt-dnsop-dnssec-validator-requirements/
> Htmlized: https://tools.ietf.org/html/draft-mglt-dnsop-dnssec-validator-requirements-04
> Htmlized: https://datatracker.ietf.org/doc/html/draft-mglt-dnsop-dnssec-validator-requirements-04
> Diff: https://www.ietf.org/rfcdiff?url2=draft-mglt-dnsop-dnssec-validator-requirements-04
>
> Abstract:
>    DNSSEC provides data integrity and authentication for DNSSEC
>    validators. However, without valid trust anchor(s) and an acceptable
>    value for the current time, DNSSEC validation cannot be performed.
>    This document lists the requirements to be addressed so resolvers can
>    have DNSSEC validation can be always-on.
>

A few minor suggestions:

The last part of the abstract
"can have DNSSEC validation can be always-on"
remove the last 'can' to get:
"can have DNSSEC validation be always-on"

2. Introduction

Second paragraph ends:
"and then most of the communications relying on the DNS resolution."
I would suggest
"thus disabling the communications relying on the DNS resolution."

Fourth paragraph starts:
"The lake of management"
"lake" -> "lack"

Fourth paragraph near end:
"these steps are way to small"
"to" -> "too" and suggest "these steps are much too small"

Fifth paragraph
"and additiona mechanism"
try either "and an additional mechanism" or "and additional mechanisms"

8. Private KSK/ZSK
"split-zone" -> "split-view"

-- 
Bob Harold
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
