Hi Shawn, Thank you for the review and comments.
We’ve fixed the editorial comments you identified. Regarding “decimal integer” — we use that phrase only when describing the presentation format (versus, say, hexadecimal) so we think it is appropriate. However, we would defer to the advice or suggestion of the RFC editor or other experts on this, if they have an opinion. DW > On Jun 5, 2024, at 11:55 PM, Shawn Emery via Datatracker <nore...@ietf.org> > wrote: > > Caution: This email originated from outside the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > Reviewer: Shawn Emery > Review result: Has Nits > > I have reviewed this document as part of the security directorate's ongoing > effort to review all IETF documents being processed by the IESG. These > comments > were written primarily for the benefit of the security area directors. > Document > editors and WG chairs should treat these comments just like any other last > call > comments. > > This draft specifies an extension in DNS for providing zone version > information > for the associated query name. This data allows callers to better correlate > the queried name to a zone version that it belongs, in order to better > diagnose > synchronicity issues. > > The security considerations section does exist and describes that this EDNS > extension does not protect against an active attacker and therefore should > only > be used for diagnostic purposes only. The section continues, if zone version > information is to protected against an active attacker then the user should > use > TSIG (RFC 8945) or SIG(0) (RFC 2931) to authenticate and provide integrity > protection. In addition, there are no new privacy issues introduced by the > new > extension given that version information is already provided publicly. I > agree > with the aforementioned assertions. > > General Comments: > > What's an unsigned decimal integer vs. unsigned integer? > > Editorials Comments: > > s/and and/and/ > s/correspond do/correspond to the/ > >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
