Telechat Review of draft-ietf-tls-dnssec-chain-extension-06
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.
For more information, please see the FAQ at

Reviewer: Matthew A. Miller
Review Date: 2018-02-06
IETF LC End Date: 2018-02-07
IESG Telechat date: 2018-02-08

This document is ready, with one issue that I think could benefit
from some clarification.

This is more a question that might warrant some clarification:
In 7. Verification, the last paragraph discusses client-side
caching of the RRsets. If a client has cached the full RRset chain
from TLSA to root RRSIG (and that cache is still viable), is the
client still expected to specify the "dnssec_chain" extension?
In my reading, that does not seem necessary, and I think it might
be worth noting if that is true.