Hi Ketan, Thank you for your review! Please see below.
On 5/21/26 15:18, Ketan Talaulikar via Datatracker wrote:
---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks to the authors and the WG for their work on this document. I have a couple of comments to offer. 1) This is provided as a comment instead of a DISCUSS since I am not familiar with this subject matter. I would request my fellow ADs and the authors/WG to cross-check. Sec 6.1 says: To secure ongoing operations, automated DS maintenance MUST NOT be suspended based on a registrar update lock alone (such as EPP status clientUpdateProhibited [RFC5731]). When performed by the registry, automated DS maintenance MUST NOT be suspended based on a registry update lock alone (such as EPP status serverUpdateProhibited [RFC5731]). Is this in sync with what is specified in RFC5731 (not just letter but also spirit)? Or does it overrule that specification in the context of DS operations? RFC5731 is an Internet Standard. I don't think this document updates that, but well ... just checking!
This recommendation was developed in consultation with Scott Hollenbeck, who's the author of the RFC 5731, and does not update another RFC. Here's the history if you'd like to trace it: https://mailarchive.ietf.org/arch/browse/dnsop/?q=locks%20ds-automation
2) Given that this is a BCP, I would suggest to remove Appendix A to avoid duplication of the text. IMHO it is equally important for readers to go through the analysis that is accompanying the recommendations to grasp the full context. We have AI for summaries ;-)
As there are many recommendations, it seemed useful to have an implementation overview for those who just want to work through it without deviating. However, I see your point and appreciate the suggestion. I'm not sure where the consensus lies about that, and will make the change if other IESG (or DNSOP) members chime in. Best, Peter _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
