On Mar 2, 2020, at 6:47 AM, Bob Harold <rharo...@umich.edu> wrote: > Suggestions: > > Abstract > "Some DNS recursive resolvers have longer-than-desired round-trip > times to the closest DNS root server such as during a network attack." > > Suggested change: > Some DNS recursive resolvers have longer-than-desired round-trip > times to the closest DNS root server. Some DNS recursive resolvers > may have difficulty getting responses from the root servers such as > during a network attack.
Thanks, that sounds good. > 1. Introduction > > (end of fourth paragraph) > "The recursive resolver validates all responses from the > root service on the same host, just as it would all validate > responses from a remote root server." > > "would all validate" -> "would validate all" My fault, and yes. > 2. Requirements > > (second bullet point) > "The system MUST have an up-to-date copy of the Key Signing Key > (KSK) [RFC4033] used to sign the DNS root." > > -- Should we clarify as "the public portion of the Key Signing Key" ? > (They do not need the private key) Ooooh, good call. Thanks! --Paul Hoffman
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop