Last Call Review of draft-ietf-ipsecme-split-dns-12
review-ietf-ipsecme-split-dns-12-secdir-lc-santesson-2018-08-19-00

Request: Review of draft-ietf-ipsecme-split-dns
Requested rev.: no specific revision (document currently at 14)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2018-08-24
Requested: 2018-08-10
Other Reviews: Genart Last Call review of -12 by Christer Holmberg
Other Reviews: Opsdir Last Call review of -12 by Tim Chown
Review State: Completed
Reviewer: Stefan Santesson
Review: review-ietf-ipsecme-split-dns-12-secdir-lc-santesson-2018-08-19
Posted at: https://mailarchive.ietf.org/arch/msg/secdir/UR89OiOxJgCAXY2zdz88n3saHkY
Reviewed rev.: 12 (document currently at 14)
Review result: Has Nits
Draft last updated: 2018-08-19
Review completed: 2018-08-19

Review

In agreement with nit comments in the Gen-Art review.

1) Section 2. Background seems to be a duplication with the introduction section and could probably be merged with this section.

2) In general I wonder whether the requirement level "SHOULD" is too weak in some places. The concern (and question) here is whether this may lead to uncertainty whether a Split-DNS configuration always will provide the expected level of security (or fail), or whether such configuration may lead to successful communication without the expected level of security (in compliance with this specification).