Last Call Review of draft-ietf-dnsop-cookies-07

Request Review of draft-ietf-dnsop-cookies
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2015-12-14
Requested 2015-11-30
Authors Donald Eastlake, Mark Andrews
Draft last updated 2015-12-25
Completed reviews Genart Last Call review of -07 by Peter Yee (diff)
Genart Telechat review of -09 by Peter Yee (diff)
Secdir Last Call review of -07 by Yoav Nir (diff)
Secdir Telechat review of -08 by Yoav Nir (diff)
Opsdir Last Call review of -07 by Dan Romascanu (diff)
Assignment Reviewer Peter Yee 
State Completed
Review review-ietf-dnsop-cookies-07-genart-lc-yee-2015-12-25
Reviewed rev. 07 (document currently at 10)
Review result Ready with Nits
Review completed: 2015-12-25


I am the assigned Gen-ART reviewer for this draft.  The General Area Review
Team (Gen-ART) reviews all IETF documents being processed by the IESG for
the IETF Chair.  Please treat these comments just like any other last call
comment.  For background on Gen-ART, please see the FAQ at

(Actually, I'm tardy on this review.  It inexplicably dropped off my radar.
So deal with these comments when you get around to handling Telechat input
or AUTH48 or whenever it suits you!  I'm still posting this review as it
will be needed come the Telechat.)

Document: draft-ietf-dnsop-cookies-08
Reviewer: Peter Yee
Review Date: December 24, 2015
IETF LC End Date: December 14, 2015
IESG Telechat date: TBD

Summary: This draft is basically ready for publication, but has nits that
should be fixed before publication. [Ready with nits]

The draft provides a lightweight means to increase the difficulty of certain
DNS attacks by off-path attackers, but it isn't designed to be the be all
and end all of DNS security.  It can be deployed incrementally.

Major issues: None

Minor issues:

Page 14, Section 5.2.4, 1st paragraph, 1st sentence: It might be useful to
mention what the examination entails as it would help in understanding the
3rd sentence in the paragraph.  There's an implied recalculation of the
Server Cookie value based on the received Client Cookie and client IP
address as opposed to a simple lookup of the received value.


Page 12, Section 5.2, 3rd paragraph, 1st sentence: change "the the" to just

Page 13, Section 5.2.2, 2nd paragraph: append "bytes" after "40".

Page 14, Section 5.2.4, 1st paragraph, 2nd sentence: delete the sentence.
It's redundant with the 1st sentence.

Page 15, Section 5.4, 2nd paragraph, 1st sentence: change first "a" to "an".

Page 15, Section 5.4, 4th paragraph, 1st sentence: change first "a" to "an".

Page 17, Section 6, 1st paragraph, 2nd sentence: change "indefinitely" to

Page 21, Section 9, 2nd paragraph, 2nd sentence: change "WPAv2" to "WPA2"
(the Wi-Fi Alliance's term).

Page 23, Section 10: change "a" to "an".

Page 27, Section A.1, 1st sentence: change "An" to "A".

Page 29, 1st partial sentence: if you're going to drop beta earlier in the
section, you might as well give the BIND version number here as well.  It's
no longer apparent that a beta version was involved.
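
The recalculation this review describes for Section 5.2.4, as an added example that is not part of the review or the draft: the server keeps no table of issued cookies and instead recomputes the expected Server Cookie from the received Client Cookie, the client IP address and a server secret, then compares. The HMAC-SHA-256 construction truncated to 8 bytes, the secret value and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo secret; a real server would use a random secret it rotates.
SERVER_SECRET = b"constructed-demo-secret"
COOKIE_LEN = 8  # assumed Server Cookie length for this sketch


def make_server_cookie(client_cookie: bytes, client_ip: str,
                       secret: bytes = SERVER_SECRET) -> bytes:
    """Derive the Server Cookie from the Client Cookie and the client IP."""
    if len(client_cookie) != 8:
        raise ValueError("Client Cookie must be 8 bytes")
    # Packed form is 4 bytes for IPv4 and 16 for IPv6; the Client Cookie
    # is fixed length, so the concatenation is unambiguous.
    ip = ipaddress.ip_address(client_ip).packed
    mac = hmac.new(secret, client_cookie + ip, hashlib.sha256).digest()
    return mac[:COOKIE_LEN]


def examine_server_cookie(client_cookie: bytes, received: bytes,
                          client_ip: str,
                          secret: bytes = SERVER_SECRET) -> bool:
    """Recompute the expected value and compare; no per-client lookup."""
    if len(received) != COOKIE_LEN:
        return False
    try:
        expected = make_server_cookie(client_cookie, client_ip, secret)
    except ValueError:
        return False  # malformed Client Cookie or address
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    cc = bytes.fromhex("0123456789abcdef")       # constructed Client Cookie
    sc = make_server_cookie(cc, "192.0.2.10")    # issued in an earlier reply
    print("same address:     ", examine_server_cookie(cc, sc, "192.0.2.10"))
    # The same cookie pair arriving from another source address fails,
    # because the address is an input to the recalculation.
    print("different address:", examine_server_cookie(cc, sc, "198.51.100.7"))
```

Because the client address is an input, a cookie pair observed for one address does not validate when presented from another, which is what a plain lookup of the received value would not show.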