Hi!

From: Paul Wouters [mailto:[email protected]]
Sent: Wednesday, April 10, 2019 12:49 PM
To: Roman Danyliw <[email protected]>
Cc: The IESG <[email protected]>; [email protected]; Tim Wicinski <[email protected]>; [email protected]; [email protected]
Subject: Re: Roman Danyliw's No Objection on draft-ietf-dnsop-algorithm-update-08: (with COMMENT)

Thanks for the review!

On Wed, Apr 10, 2019 at 5:30 PM Roman Danyliw via Datatracker <[email protected]<mailto:[email protected]>> wrote:

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

(1) Abstract. Nit. There is a reference, [RFC6944], in the abstract which isn’t permitted.

Hmm, it is really just giving a clickable reference to the document we are obsoleting. It's kind of nice to have there. But I guess you are right that it is not allowed, so I've made the text without a reference.

[Roman] Thanks.

(2) Section 1.2, Per “This document only provides recommendations with respect to mandatory-to-implement algorithms or algorithms so weak that recommendation cannot be recommended”

** Editorial: s/algorithms so weak that recommendation cannot be recommended/ algorithms so weak that they cannot be recommended/

Was fixed in -08

[Roman] Thanks.

** The first part of the sentence doesn’t appear to be consistent with the RFC2119 words in the Section 3.1 Table which also includes RECOMMENDED/MAY (which is neither MTI or NOT RECOMMENDED)

It is recommended in lower case, not in 2119 meaning?

[Roman] Ok. I didn’t read it like that.

(3) Section 1.3, Typo, s/from from/from/

(4) Section 3.1, Typo, s/cryptographics/cryptographic/

Were already fixed.

(5) Section 3.1, ED448 appears to be the only algorithm that doesn’t have treatment in even briefly describing its designated implementation recommendation.

It does get mentioned in the beginning of the paragraph. But there isn't much to say really. It's there but just slightly stronger than 25519, so not really worth the effort. I think it is okay to leave it as mostly uninteresting, but if someone has some text, I'm fine with that too.

(6) Section 3.1, The sentence “It is expected that ED25519 will become the future RECOMMENDED default algorithm …” is clear on the future. However, looking back at the table in this section, it wasn’t clear what the current default algorithm is.

I've changed it a little bit to indicate this by adding a sentence here:

RSASHA256 is in wide use and considered strong. It has been the default algorithm for a number of years and is now slowly being replaced with ECDSAP256SHA256 due to its shorter key and signature size, resulting in smaller DNS packets.

[Roman] This is clearer. Thanks.

(7) Section 3.2, The sentence “Operation recommendation for new and existing deployments.” Seems to stand alone or is missing some words. Should it be something along the lines of “This section provides operational recommendations …”

I've removed the sentence.

(8) Section 3.2, Typo, s/is RECOMMENDED/is the RECOMMENDED/

(9) Section 3.4, Editorial, s/The SHA-256/SHA-256/

Were already fixed in -08.

(10) Section 4, Typo, s/seciton/section/

Fixed.

(11) Section 5, Editorial, s/for the use of DNSSEC/for use in DNSSEC/

Fixed.

The -09 should appear shortly with these fixes.

[Roman] Thanks so much for closing the loop on these and making the changes.

Thanks!

Paul
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
