Hi Michael,
(Focusing on this specific comment and part of the text)
* I don't think we can leave the ref to the bootstrap I-D, as that was abandoned
a while ago. I would delete that citation.
* Not sure why DoT/DoH is explicitly mentioned in that text. I think the
reasoning should be more about encrypted DNS in general.
* I don't parse what is meant by "includes using DoT/DoH is a local decision,
but a locally provided DoT server SHOULD be used,"
* In the text right after, you have the following:
The ADD WG is currently only focusing on insecure discovery
mechanisms like DHCP/RA [I-D.ietf-add-dnr] and DNS based discovery
mechanisms ([I-D.ietf-add-ddr]).
I would refresh the text as both DNR and DDR are to be published as RFCs.
* Also, not sure it is worth mentioning here given the scope, but secure
discovery is possible with draft-ietf-ipsecme-add-ike.
* Not sure I would maintain "Use of public QuadX resolver" as there are public
resolvers that are not Quads
* "This should include the port numbers (53, 853 for DoT, 443 for DoH)": these
are the default port numbers. Alternate port numbers can be used and thus be
configured.
Aaah, BTW, please remove this entry:
[I-D.peterson-doh-dhcp]
Peterson, T., "DNS over HTTP resolver announcement Using
DHCP or Router Advertisements", Work in Progress,
Internet-Draft, draft-peterson-doh-dhcp-01, 21 October
2019, <https://www.ietf.org/archive/id/draft-peterson-doh-
dhcp-01.txt>.
and double-check the normative references. I'm sure these, at least, are not
normative:
[Akamai] "Akamai", 2019,
<https://en.wikipedia.org/wiki/Akamai_Technologies>.
[AmazonS3] "Amazon S3", 2019,
<https://en.wikipedia.org/wiki/Amazon_S3>.
[I-D.ietf-dnsop-terminology-ter]
Hoffman, P. E., "Terminology for DNS Transports and
Location", Work in Progress, Internet-Draft, draft-ietf-
dnsop-terminology-ter-02, 3 August 2020,
<https://www.ietf.org/archive/id/draft-ietf-dnsop-
terminology-ter-02.txt>.
Cheers,
Med
> -----Original Message-----
> From: OPSAWG <[email protected]> On Behalf Of Michael Richardson
> Sent: Wednesday 18 October 2023 17:37
> To: Rob Wilton (rwilton) <[email protected]>
> Cc: [email protected]; draft-ietf-opsawg-mud-iot-dns-
> [email protected]
> Subject: Re: [OPSAWG] AD review of draft-ietf-opsawg-mud-iot-dns-
> considerations-08
>
>
>
> > (7) p 11, sec 6.5. Prefer DNS servers learnt from DHCP/Route Advertisements
>
> > IoT Devices should prefer doing DNS to the network provided DNS
> > servers. Whether this is restricted to Classic DNS (Do53) or also
> > includes using DoT/DoH is a local decision, but a locally provided
> > DoT server SHOULD be used, as recommended by
> > [I-D.reddy-add-iot-byod-bootstrap].
>
> > Should it be DoT/DoH server SHOULD be used, or do you mean to
> > specifically recommend DoT over DoH here?
>
> Yeah, the /DoH is missing, and has been added.
> It's that a *local* DoT/DoH is preferred.
>
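Two of the points above (prefer a locally provided DoT/DoH resolver, and do not hard-code 53/853/443 because a provisioned resolver may announce a different port) are easy to get wrong in a device's egress policy. The following is an added example, not text or code from the draft or from either author of the thread: an IoT device's DNS egress allow-list built from resolver entries learnt locally, with a resolver on a non-default DoT port. The addresses, ports and the `Resolver` record are constructed sample data; the policy tuple shape is an assumption for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Set, Tuple

# Default ports per transport. They are only used when the provisioned
# resolver entry does not carry an explicit port (the review point: 53/853/443
# are defaults, not the only possible values).
DEFAULT_PORTS = {"do53": 53, "dot": 853, "doh": 443}
L4_PROTO = {"do53": ("udp", "tcp"), "dot": ("tcp",), "doh": ("tcp",)}


@dataclass(frozen=True)
class Resolver:
    address: str                 # resolver IP as learnt from DHCP/RA (sample values)
    transport: str               # "do53", "dot" or "doh"
    port: Optional[int] = None   # explicit port from the announcement, else None
    local: bool = True           # True if provided by the local network

    @property
    def effective_port(self) -> int:
        return self.port if self.port is not None else DEFAULT_PORTS[self.transport]


# Constructed sample: the local network announces Do53 and a DoT resolver on a
# non-default port; a remote DoH resolver is also configured on the device.
SAMPLE_RESOLVERS = [
    Resolver("192.0.2.53", "do53"),
    Resolver("192.0.2.53", "dot", port=8853),
    Resolver("198.51.100.10", "doh", local=False),
]


def build_policy(resolvers: Iterable[Resolver]) -> Set[Tuple[str, str, int]]:
    """Egress allow-list of (dst_address, l4proto, dst_port) for DNS traffic."""
    policy = set()
    for r in resolvers:
        for proto in L4_PROTO[r.transport]:
            policy.add((r.address, proto, r.effective_port))
    return policy


def is_allowed(policy: Set[Tuple[str, str, int]],
               dst_address: str, l4proto: str, dst_port: int) -> bool:
    """True if a flow to (dst_address, l4proto, dst_port) matches the policy."""
    return (dst_address, l4proto, dst_port) in policy


def preferred_resolver(resolvers: Iterable[Resolver]) -> Resolver:
    """Order of preference: local encrypted (DoT/DoH), then local Do53, then others."""
    def rank(r: Resolver) -> int:
        if r.local and r.transport in ("dot", "doh"):
            return 0
        return 1 if r.local else 2
    return min(resolvers, key=rank)


if __name__ == "__main__":
    policy = build_policy(SAMPLE_RESOLVERS)
    print("preferred:", preferred_resolver(SAMPLE_RESOLVERS))
    # A policy that assumed the DoT default would let 853 through and block the
    # port the network actually announced.
    print("tcp/8853 to local DoT:", is_allowed(policy, "192.0.2.53", "tcp", 8853))
    print("tcp/853 to local DoT:", is_allowed(policy, "192.0.2.53", "tcp", 853))
```

The check that matters is the last two lines: with the announced port honoured, tcp/8853 is permitted and the assumed default tcp/853 is not, which is the opposite of what a policy hard-coded from the default port table would do.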