Alissa Cooper has entered the following ballot position for draft-ietf-dnsop-edns-client-subnet-06: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-edns-client-subnet/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I support Stephen's DISCUSS point. My assumption in reading the recommendation is that all recursive resolvers are recommended to disable ECS by default.

= Section 1 =

"The motivation for a user to configure such a Centralized Resolver varies but is usually because of some enhanced experience, such as greater cache security or applying policies regarding where users may connect."

Assuming by "user" you mean end user of the DNS, I think this would make more sense if it said "user or ISP" or something like that. I assume it's much more common for ISPs to explicitly choose to use centralized resolvers than for end users to do so.

= Section 2 =

Given that you reference specific implementations in various places in the document, would be interesting to note any specific implementations that surface the opt-out choice to users.

= Section 5 =

s/client location/client network location/

= Section 7.2.1 =

"A SCOPE PREFIX-LENGTH value longer than the SOURCE PREFIX-LENGTH indicates that the provided prefix length was not specific enough to select the most appropriate Tailored Response. Future queries for the name within the specified network SHOULD use the longer SCOPE PREFIX-LENGTH."

I think it would help to expand a bit about using the exception case for the SHOULD here. It seems to me that this basically involves a judgment call by the operator of the recursive resolver between exposing a longer prefix or providing less useful information to an authoritative resolver that is indicating that it needs more information. But setting SOURCE PREFIX-LENGTH involved a judgment call in the first place about the privacy protection involved in providing a less-than-full address. So how is a recursive resolver supposed to decide whether to follow the indication from the authoritative resolver about prefix length?