[auth48] Re: AUTH48: RFC-to-be 9704 for your review

Wed, 18 Dec 2024 14:57:15 -0800 

1. Noted at 
https://github.com/ietf-wg-add/draft-ietf-add-split-horizon-authority/issues/70

2. Approved

3. The current text is clear but not consistent: ".home.arpa" and ".local" are 
written dot-first, and "resolver.arpa." and "ipv4only.arpa." are written 
dot-last.  I don't have a strong preference but we should use a single form 
throughout this sentence.

4. Approved

5. This is not a list of definitions, so I am hesitant to use <dl>.

6. Do not change.  The current quoting is correct.

7. I prefer option 2.

8. These references should both be changed to refer to the "ZONEMD Hash 
Algorithms" registry and Section 5.3 of RFC 8976.

9. Approved

10. It means "It can be accomplished in this way, which is as straightforward 
as one can reasonably hope for given the notoriously difficult technologies 
that are involved".   I welcome improved language.

11. Approved

12. The type should be "dns-rr".

13. Approved

14. For the sake of consistency, we should probably apply <tt> whenever a DNS 
name is not in double-quotes.  This would require two additional <tt> tags.

15. The two examples have since been combined.  I propose to delete this text, 
delete the "Split Horizon Entire Zone" section header, and retitle Section 8, 
resulting in the following structure:

8. Example Split-Horizon DNS Configuration
8.1.  Verification Using an External Resolver
...
Figure 3: Verifying claims using an external resolver
...
8.2.  Verification using DNSSEC
...
Figure 4: An Example of Verifying Claims using DNSSEC -->

16. Yes, this spacing should be made consistent.

17. Let's change to ENCDNS_IP* for consistency.

18. Approved

19. Let's change to:

 3.  The old verification record needs to be maintained until the DHCP
     lease or PvD Additional Information expires.

20. Let's change the titles of Sections 13.1 and 13.2 as follows:

13.1. New DHCP Authentication Algorithm for Split DNS
13.2. New PvD Additional Information Type for Split DNS

21. No Action.

22a. No Objection
22b. I think the existing usage is appropriate.  "ds=..." appears in the first 
usage in the section to remind the reader that this is a key-value pair", and 
"ds" is used afterward as a shorthand.
22c(?). The "Verification Record" is a new technical artifact invented for this 
specification.  We should use consistent capitalization for it.  I lean toward 
capitalizing.

--Ben Schwartz

-- 
auth48archive mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to