Re: [DNSOP] I-D Action: draft-ietf-dnsop-kskroll-sentinel-00.txt

Tue, 12 Dec 2017 16:05:44 -0800 


> On 13 Dec 2017, at 3:44 am, Bob Harold <rharo...@umich.edu> wrote:
> 
> 
> On Sun, Dec 10, 2017 at 8:21 PM, <internet-dra...@ietf.org 
> <mailto:internet-dra...@ietf.org>> wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the Domain Name System Operations WG of the IETF.
> 
>         Title           : A Sentinel for Detecting Trusted Keys in DNSSEC
>         Authors         : Geoff Huston
>                           Joao Silva Damas
>                           Warren Kumari
>         Filename        : draft-ietf-dnsop-kskroll-sentinel-00.txt
>         Pages           : 8
>         Date            : 2017-12-10
> 
> Abstract:
>    The DNS Security Extensions (DNSSEC) were developed to provide origin
>    authentication and integrity protection for DNS data by using digital
>    signatures.  These digital signatures can be verified by building a
>    chain of trust starting from a trust anchor and proceeding down to a
>    particular node in the DNS.  This document specifies a mechanism that
>    will allow an end user to determine the trusted key state of the
>    resolvers that handle the user's DNS queries.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/ 
> <https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/>
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-00 
> <https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-00>
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-kskroll-sentinel-00 
> <https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-kskroll-sentinel-00>
> 
> 
> 
> Looks good to me.  One minor typo:
> 
>  4. Sentinel Test Result Considerations
> paragraph 6
> 
> "If the resolver is non-validating, and it has a single forwarder
> clause, then the resolver will presumably mirror the capabilities of
> the forwarder target resolver. If this non-validating resolver it
> has multiple forwarders, then the above considerations will apply."
> 
> "it" at end of the third line should be deleted.


noted - “it" will be removed in the next version


Geoff

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to