Re: [IPsec] WGLC on draft-ietf-ipsecme-split-dns-02

Mon, 30 Oct 2017 06:25:38 -0700 

Hi,

> All,
> 
> This message starts a Working Group Last Call (WGLC) for 
> draft-ietf-ipsecme-split-dns-02.
> 
> The version to be reviewed can be found here: 
> https://www.ietf.org/id/draft-ietf-ipsecme-split-dns-02.txt.
> 
> Please send your comments, questions, and edit proposals to the WG mail list 
> until November 9th, 2017.  If
> you believe that the document is ready to be submitted to the IESG for 
> consideration as a Standards Track
> RFC please send a short message stating this.
> 
> Best Regards,
> Dave and Tero

I found the document almost ready. A few editorial issues should be resolved.

1. Throughout the document attribute INTERNAL_DNSSEC_TA is often called 
INTERNAL_DNS_TA.
    Please, choose a single name :-)

2. Section 3.1

   To indicate support for Split DNS, an initiator includes one more
   more INTERNAL_DNS_DOMAIN attributes as defined in Section 4 as part
   of the CFG_REQUEST payload.

s/one more more/one or more

3. Section 4.1

   o  Domain Name (0 or more octets) - A Fully Qualified Domain Name
      used for Split DNS rules, such as example.com, in DNS presentation
      format and optionally using IDNA [RFC5890] for Internationalized
      Domain Names.  The value is NOT null-terminated.

Why NOT is in uppercase? It is not a RFC2119 word, I guess...

4. Section 4.2

   o  DNSKEY algorithm (0 or 1 octet) - Value from the IANA DNS Security
      Algorithm Numbers Registry

   o  DS algorithm (0 or 1 octet) - Value from the IANA Delegation
      Signer (DS) Resource Record (RR) Type Digest Algorithms Registry

There are no such fields in the picture above. There are fields 
Algorithm  and Digest Type. Please, make the names match 
those in the picture.

5. Section 6

   INTERNAL_DNSSEC_TA directives MUST immediately follow an
   INTERNAL_DNS_DOMAIN directive.  As the INTERNAL_DNSSEC_TA format
   itself does not contain the domain name, it relies on the preceding
   INTERNAL_DNS_DOMAIN to provide the domain for which it specifies the
   trust anchor.

s/directives/attributes
s/directive/attribute

Regards,
Valery.


_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to