I think the draft is just about ready for publication as well.

On May 5, 2015, at 5:53 PM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:

> This document has progressed very well and is nearly ready for publication.
>
> Related to an earlier thread about intended status: "Informational" is most appropriate here because the document is all about proposed operations but no "best current practice". There is no problem with WGs producing Informational RFCs, and Informational RFCs can have RFC 2119 language.
>
> In Section 2, there should be a new paragraph after the first paragraph that describes why the "reasonable attempt" in the first paragraph is needed to determine whether the attacker has partial control of the zone, or is just mounting an on-path attack between all the nameservers and the recursive.
>
> In Section 2, it talks about "a popular domain name" but doesn't say how to determine that. Giving examples of sources of that data would be valuable. I would recommend local query logs, naturally.
>
> In Section 7.1, the second paragraph is *not* a security consideration, it is a proposal for how NTAs should be implemented. Please make this its own section earlier in the document, possibly called "Alerting Users of NTA Use".

There is a security consideration there, reading between the lines - in that this is broadcasting a spoofable name to the world. However, an "Alerting Users" section would be a good addition to include text about apps that may break if it is known they demand to see the AD bit set in responses.

Scott

===================================
Scott Rose
NIST
scott.r...@nist.gov
+1 301-975-8439
Google Voice: +1 571-249-3671
http://www.dnsops.gov/
https://www.had-pilot.com/
===================================