Hi Bob, Thanks you for the clarifications, I have updated my local copy with all your comments.
Yours, Daniel [1] https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/blob/master/draft-mglt-dnsop-dnssec-validator-requirements.xml On Fri, Apr 7, 2017 at 7:35 PM, Daniel Migault <[email protected]> wrote: > Thanks for the review, I will update the copy on the git accordingly. > > Yours, > Daniel > > On Fri, Apr 7, 2017 at 9:51 AM, Bob Harold <[email protected]> wrote: > >> >> On Mon, Mar 27, 2017 at 10:16 AM, Daniel Migault < >> [email protected]> wrote: >> >>> Hi, >>> >>> Please find an update of our draft on requirements for DNSSEC resolver. >>> >>> DNS resolvers hardly enable DNSSEC as 1) resolvers are not robust too >>> DNS authoritative operations – like KSK roll over, signing errors…. – and >>> 2) network administrators have little control on these resolvers to recover >>> such situations. >>> >>> The draft describes how invalid DNSSEC related RRsets may be considered >>> by the resolver. The listed requirements aim at designing mechanisms as >>> well as interactions with network managers can easily solve/avoid these >>> situations. Such mechanisms are expected to encourage DNSSEC deployment on >>> resolvers. >>> >>> Yours, >>> Daniel >>> >>> -----Original Message----- >>> From: [email protected] [mailto:[email protected]] >>> Sent: Monday, March 27, 2017 9:13 AM >>> To: Edward Lewis <[email protected]>; Daniel Migault < >>> [email protected]>; Dan York <[email protected]>; [email protected] < >>> [email protected]> >>> Subject: New Version Notification for draft-mglt-dnsop-dnssec-valida >>> tor-requirements-04.txt >>> >>> >>> A new version of I-D, draft-mglt-dnsop-dnssec-valida >>> tor-requirements-04.txt >>> has been successfully submitted by Daniel Migault and posted to the IETF >>> repository. >>> >>> Name: draft-mglt-dnsop-dnssec-validator-requirements >>> Revision: 04 >>> Title: DNSSEC Validators Requirements >>> Document date: 2017-03-27 >>> Group: Individual Submission >>> Pages: 10 >>> URL: https://www.ietf.org/internet- >>> drafts/draft-mglt-dnsop-dnssec-validator-requirements-04.txt >>> Status: https://datatracker.ietf.org/ >>> doc/draft-mglt-dnsop-dnssec-validator-requirements/ >>> Htmlized: https://tools.ietf.org/html/d >>> raft-mglt-dnsop-dnssec-validator-requirements-04 >>> Htmlized: https://datatracker.ietf.org/ >>> doc/html/draft-mglt-dnsop-dnssec-validator-requirements-04 >>> Diff: https://www.ietf.org/rfcdiff? >>> url2=draft-mglt-dnsop-dnssec-validator-requirements-04 >>> >>> Abstract: >>> DNSSEC provides data integrity and authentication for DNSSEC >>> validators. However, without valid trust anchor(s) and an acceptable >>> value for the current time, DNSSEC validation cannot be performed. >>> This document lists the requirements to be addressed so resolvers can >>> have DNSSEC validation can be always-on. >>> >> >> A few minor sugguestions: >> >> The last part of the abstract >> "can have DNSSEC validation can be always-on" >> remove the last 'can' to get: >> "can have DNSSEC validation be always-on" >> >> 2. Introduction Second paragraph ends: "and then most of the >> communications relying on the DNS resolution." I would suggest "thus >> disabling the communications relying on the DNS resolution." >> >> Fourth paragraph starts: >> "The lake of management" >> "lake" -> "lack" >> >> Fourth paragraph near end: >> "these steps are way to small" >> "to" -> "too" >> and suggest >> "these steps are much too small" >> >> Fifth paragraph >> "and additiona mechanism" >> try either >> "and an additional mechanism" >> or >> "and additional mechanisms" >> >> 8. Private KSK/ZSK >> "split-zone" -> "split-view" >> >> -- >> Bob Harold >> >> >> _______________________________________________ >> DNSOP mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dnsop >> >> >
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
