Lars Eggert has entered the following ballot position for draft-ietf-dnsop-nsec3-guidance-08: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec3-guidance/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- # GEN AD review of draft-ietf-dnsop-nsec3-guidance-08 CC @larseggert Thanks to Meral Shirazipour for the General Area Review Team (Gen-ART) review (https://mailarchive.ietf.org/arch/msg/gen-art/s5hyTc3FVrHGhUW0kHVOGLVXTgo). ## Comments ### Section 3.2, paragraph 4 ``` Validating resolvers returning an insecure or SERVFAIL answer to their client after receiving and validating an unsupported NSEC3 parameter from the authoritative server(s) SHOULD return an Extended DNS Error (EDE) {RFC8914} EDNS0 option of value (RFC EDITOR: TBD). Validating resolvers that choose to ignore a response with an unsupported iteration count (and do not validate the signature) MUST NOT return this EDE option. ``` {RFC8914} looks like a Markdown citation bug. ### Missing references No reference entries found for: `[RFC8914]` and `[draft-hardaker-dnsop-nsec3-guidance]`. ## Nits All comments below are about very minor potential issues that you may choose to address in some way - or ignore - as you see fit. Some were flagged by automated tools (via https://github.com/larseggert/ietf-reviewtool), so there will likely be some false positives. There is no need to let me know what you did with these suggestions. ### Stray characters The text version of this document contains these HTML entities, which might indicate issues with its XML source: `č`, `Š`, and `Č` ### Grammar/style #### "Table of Contents", paragraph 1 ``` . . . . . . . . . . 10 Appendix D. Github Version of This Document . . . . . ^^^^^^ ``` The official name of this software platform is spelled with a capital "H". #### Section 1.1, paragraph 1 ``` lag [RFC5155], which specifies whether or not that NSEC3 record provides pro ^^^^^^^^^^^^^^ ``` Consider shortening this phrase to just "whether". It is correct though if you mean "regardless of whether". #### Section 2.3, paragraph 1 ``` w, ftp, mail, imap, login, database, etc) can be used to quickly reveal a lar ^^^ ``` A period is needed after the abbreviation "etc.". #### Section 5, paragraph 1 ``` y Covering NSEC Records and DNSSEC On-line Signing", RFC 4470, DOI 10.17487/R ^^^^^^^ ``` Do not mix variants of the same word ("on-line" and "online") within a single text. #### Section 7.1, paragraph 2 ``` NSSEC zone enumeration algorithm", n.d.. Appendix A. Deployment measurements ^^ ``` Two consecutive dots. #### "Appendix A.", paragraph 2 ``` Vixie * Tim Wicinski Appendix D. Github Version of This Document While this ^^^^^^ ``` The official name of this software platform is spelled with a capital "H". ## Notes This review is in the ["IETF Comments" Markdown format][ICMF], You can use the [`ietf-comments` tool][ICT] to automatically convert this review into individual GitHub issues. Review generated by the [`ietf-reviewtool`][IRT]. [ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md [ICT]: https://github.com/mnot/ietf-comments [IRT]: https://github.com/larseggert/ietf-reviewtool _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
