Peter van Dijk <peter.van.d...@powerdns.com> writes:

> Because hashing provides only moderate protection, as shown recently
> in academic studies of NSEC3 protected zones [GPUNSEC3][ZONEENUM].
>
> This sentence appears to be lacking a second half.

Changed to:

  Recent in academic studies have shown that NSEC3 hashing provides only
  provides moderate protection {{GPUNSEC3}}{{ZONEENUM}}.

> Operators are encouraged to forget the salt entirely
>
> "forgo" perhaps? Or, easier on the eyes, "not use the salt at all"?

How about:

  Operators are encouraged to forgo using a salt entirely by using a

> Note that this specification significantly decreases the requirements
> originally specified in Section 10.3 of [RFC5155].
>
> Should this document say "Updates: RFC5155" ?

Probably a good point. How about:

  Note that this specification updates [RFC5155] by significantly
  decreasing the requirements originally specified in Section 10.3 of
  [RFC5155].

> man-it-the-middle attacks
>
> man-in-the-middle

Actually changed to attacker-in-the-middle, but good catch!

> Thus, validating resolver operators and software implementers SHOULD
> set the point above which a zone is treated for certain values of NSEC3
> iterations counts to the same as the point where a validating resolver
> begins returning SERVFAIL.
>
> Is "as insecure" missing after "treated"?

Yep, good catch.

-- 
Wes Hardaker
USC/ISI