Éric Vyncke has entered the following ballot position for draft-ietf-opsawg-add-encrypted-dns-11: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-opsawg-add-encrypted-dns/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- # Éric Vyncke, INT AD, comments for draft-ietf-opsawg-add-encrypted-dns-11 CC @evyncke Thank you for the work put into this document. Once the trivial DISCUSS is addressed, I will be happy to ballot a YES. Please find below one blocking DISCUSS points (easy to address), some non-blocking COMMENT points (but replies would be appreciated even if only for my own education), and some nits. Special thanks to Bernie Volz for the shepherd's detailed write-up including the WG consensus even if the justification of the intended status is rather vague. Other thanks to Tatuya Jinmei, the Internet directorate reviewer (at my request), please consider this int-dir review: https://datatracker.ietf.org/doc/review-ietf-opsawg-add-encrypted-dns-10-intdir-telechat-jinmei-2023-03-09/ (and I have read Med's replies and resolution of the issues) I hope that this review helps to improve the document, Regards, -éric ## DISCUSS As noted in https://www.ietf.org/blog/handling-iesg-ballot-positions/, a DISCUSS ballot is a request to have a discussion on the following topics: ### What to do with non-permitted DHCP option ? Sections 3.1 and 3.2 contain text like `Permitted DHCPv6 options in the DHCPv6-Options Attribute are maintained by IANA in the registry created in Section 8.4.1.` but I was unable to find anywhere in the document what is the expected behaviour of a RADIUS client receiving a non-permitted DHCP option ? At the bare minimum, I would expect the I-D to mention "non-permitted DHCP options MUST silently be ignored by the RADIUS client" Or did I fail to find a similar statement in the text ? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- ## COMMENTS ### Abstract Should the sentence `Even if the specification was initially motivated by the configuration of encrypted DNS resolvers,` be removed from the abstract ? It adds nothing but confusion. ### Section 3 Should the whole paragraph starting with `RADIUS servers have conventionally tolerated the input of arbitrary data via the "string" data type (Section 3.5 of [RFC8044])... ` rather be in the security (or operational) considerations section ? ### Section 3.1 Should normative language be used in `However, the server is not required to honor such a preference.`? I.e., the rest of the paragraph uses normative language. ### Section 4 Should 'DHCP relay' be mentioned in the section title ? It would of course be very long then but clearer for the reader (esp in the ToC) ## NITS ### Section 3.2 Suggest to use the same layout as in section 3.1 for the "value" field. ## Notes This review is in the ["IETF Comments" Markdown format][ICMF], You can use the [`ietf-comments` tool][ICT] to automatically convert this review into individual GitHub issues. [ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md [ICT]: https://github.com/mnot/ietf-comments _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg