Last Call Review of draft-ietf-dnsop-rfc4641bis-
I have reviewed this document
as part of the security directorate's ongoing effort to review
all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these
comments just like any other last call comments.
This informational draft describes the operational practices for
administrating a DNSSEC environment. Specifically the
management of keys and signatures in DNS. The draft intends to
The security considerations section does exist and is somewhat
terse in its explanation of mitigating spoofing and DoS
attacks. This should be expanded or at least a reference made.
Consistency: SEP is expanded, but not DS.
s/purposes X will somewhere/purposes, X will be somewhere/
s/such as e.g. RFC 5011/e.g. RFC 5011/