Last Call Review of draft-ietf-dnsop-rfc4641bis-

Request Review of draft-ietf-dnsop-rfc4641bis
Requested rev. no specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2012-08-28
Requested 2012-08-10
Authors Olaf Kolkman, Matthijs Mekking, R. Gieben
Draft last updated 2012-08-30
Completed reviews Secdir Last Call review of -?? by Shawn Emery
Assignment Reviewer Shawn Emery
State Completed
Review review-ietf-dnsop-rfc4641bis-secdir-lc-emery-2012-08-30
Review result Ready with Issues
Review completed: 2012-08-30


I have reviewed this document
        as part of the security directorate's ongoing effort to review
        all IETF documents being processed by the IESG. These comments
        were written primarily for the benefit of the security area
        directors. Document editors and WG chairs should treat these
        comments just like any other last call comments.

        This informational draft describes the operational practices for
        administrating a DNSSEC environment.  Specifically the
        management of keys and signatures in DNS.  The draft intends to

RFC 4641.

        The security considerations section does exist and is somewhat
        terse in its explanation of mitigating spoofing and DoS
        attacks.  This should be expanded or at least a reference made.

        General comments:


        Editorial comments:

Consistency: SEP is expanded, but not DS.

s/purposes X will somewhere/purposes, X will be somewhere/

s/such as e.g.  RFC 5011/e.g. RFC 5011/