(Sorry, this is a late response to a review request original sent to the dnsop list on 11 February)
Section 3.4 (DNS for Cloud Resources) includes these sentences: "Globally unique names do prevent any possibility of collision at the present or in the future and they make DNSSEC trust manageable. It's not as if there is or even could be some sort of shortage in available names that can be used, especially when subdomains and the ability to delegate administrative boundaries are considered." Could we make the last sentence stronger, perhaps with a statement like this from the US CERT WPAD Name Collision Vulnerability alert dated May 23, 2016? "Globally unique names do prevent any possibility of collision at the present or in the future and they make DNSSEC trust manageable. Consider using a registered and fully qualified domain name (FQDN) from global DNS as the root for enterprise and other internal namespaces." https://www.us-cert.gov/ncas/alerts/TA16-144A The alert actually says "other internal namespace", but I think that's a typo. Scott _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
