I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Please
resolve these comments along with any other Last Call comments you may
receive.
Document: draft-ietf-dnsext-dnssec-registry-fixes-08
Reviewer: Alexey Melnikov
Review Date: 2011-06-05
IETF LC End Date: 2011-06-09
IESG Telechat date:
Summary: not ready for publication as a Proposed Standard, but should be
easy to fix
Major issues:
Firstly, looking at the difference between this document and the IANA
registry
<http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml>
I can see that they have different lists of RFC numbers in the rightmost
column. Is this intentional and is the list in the RFC actually correct?
Secondly, as somebody else already pointed out during the IETF LC the
range 123-251 is Reserved by [RFC6014] and this is not mentioned in the
draft.

   2.3. Specifying New Algorithms and Updating Status of Existing Entries

   [RFC6014] establishes a parallel procedure for adding a registry
   entry for a new algorithm other than a standards track document.
   Algorithms entered into the registry using that procedure do not have
   a listed compliance status. Specifications that follow this path do
   not need to obsolete or update this document.

   Adding a newly specified algorithm to the registry with a compliance
   status SHALL entail obsolescing this document and replacing the
   registry table (with the new algorithm entry). Altering the status
   column value of any existing algorithm in the registry SHALL entail
   obsoleting this document and replacing the registry table.

   This document cannot be updated, only made obsolete and replaced by a
   successor document.

My personal opinion is that replacing the whole table every time a
change to a single algorithm implementation status needs to be made is a
mistake and that will lead to exactly the kind of trouble that this
document demonstrates: the document is introducing errors to the
registry. I trust the WG understands what exactly it is doing.
Minor issues:
Abstract
This reads like a compressed version of the Introduction section and it
is hard to understand before one actually reads the Introduction
section. Some comments below in an attempt to make this a bit clearer:

   The DNS Security Extensions (DNSSEC) requires the use of
   cryptographic algorithm suites for generating digital signatures over
   DNS data. There is currently an IANA registry for these algorithms
   that is incomplete in that it lacks the implementation status

Maybe "the recommended implementation status"? Before I read the rest of
the document I thought that that field is about deployment status.

   of each
   algorithm. This document provides an applicability statement on
   algorithm implementation compliance status for DNSSEC
   implementations. This status is to measure compliance to this RFC
   only.

Is the last quoted sentence needed here? I would drop it, as it seems
out of context here.

   This document replaces that registry table with a new IANA
   registry table for Domain Name System Security (DNSSEC) Algorithm
   Numbers that lists (or assigns) each algorithm's status based on the
   current reference.

The Abstract is missing the list of documents being updated and there is
one obsolete reference (which is intentional according to the
shepherding write-up).
Nits: none