Éric Vyncke has entered the following ballot position for draft-ietf-dnsop-rfc8109bis-06: Yes
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc8109bis/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# Éric Vyncke, INT AD, comments for draft-ietf-dnsop-rfc8109bis-06

Thank you for the work put into this document.

Please find below two non-blocking COMMENT points.

Special thanks to Tim Wicinski for the shepherd's detailed write-up including the WG consensus but it lacks the justification of the intended status (and uses the old template).

Other thanks to Dirk Von Hugo and Patrick Mevzek, the Internet and DNS directorates reviewers (at my request), please consider these reviews:

- https://datatracker.ietf.org/doc/review-ietf-dnsop-rfc8109bis-06-intdir-telechat-von-hugo-2024-08-19/ (and I have read Paul's short reply)
- https://datatracker.ietf.org/doc/review-ietf-dnsop-rfc8109bis-06-dnsdir-telechat-mevzek-2024-08-19/ (it was posted yesterday and contains some valid points that should be replied to)

I hope that this review helps to improve the document,

Regards,

-éric

# COMMENTS (non-blocking)

## Section 1.1

Nice to remove "man-in-the-middle" but it is replaced by "on-path attacker" and not by "machine-in-the-middle" ;-)

Should there be a note in this section asking the RFC editor to remove this section ? or move it to an appendix? This is a matter of taste of course.

## Section 3

Like Patrick Mevzek, I also wonder about `The priming query can be sent over either UDP or TCP`, of course Do53 is currently the only supported way for the root servers.

With the experimental RFC 9539, should it be stated that only Do53 must be used for priming ? I.e., a stricter text than now, e.g., "MUST be sent over either UDP or TCP to port 53" ?