CHAIN Query Requests in DNS
RFC 7901

Note: This ballot was opened for revision 06 and is now closed.

(Ben Campbell) Yes

Alissa Cooper Yes

(Stephen Farrell) Yes

Comment (2016-02-15 for -06)

- In section 3 you promised me privacy considerations in section
8 but I didn't find any there. That was almost a DISCUSS, but
since fixing it is easy and I assume won't be controversial I
can stick with a YES ballot:-)

- I would suggest that you do note in section 8, that the fqdn
in the CHAIN option could allow an attacker to (re-)identify a
client. E.g. if the attacker sees that you have validated
tetbed.ie before that could single you out, even if you have
changed your n/w, client IP address etc. Presumably that would
be a relatively long lasting concern as well, as RRSIG expiry
tends to be weeks ahead. I think just noting that and maybe
saying that DPRIVE is a likely mitigation would be a good thing
to do.

(Brian Haberman) Yes

Comment (2016-02-15 for -06)
Modulo the missing privacy issues in section 8, I support the publication of this document and the resulting experimentation to reduce the latency of DNSSEC validation.

(Joel Jaeggli) Yes

(Jari Arkko) No Objection

Deborah Brungard No Objection

(Benoît Claise) No Objection

(Spencer Dawkins) No Objection

Barry Leiba No Objection

Comment (2016-02-17 for -06)
-- Section 6.3 --

   It is RECOMMENDED that TCP sessions not immediately be closed after
   the DNS answer to the first query is received.  It is recommended to
   use [TCP-KEEPALIVE].

A very tiny point: it strikes me that the 2119-level "RECOMMENDED" is on the wrong half of this -- I think the 2119-level recommendation should be on the TCP-KEEPALIVE part.  I'd word it this way, but you can certainly ignore this if you prefer, and no response is necessary:

NEW
   The use of [TCP-KEEPALIVE] on DNS TCP sessions is RECOMMENDED, and   
   thus TCP sessions should not immediately be closed after the DNS
   answer to the first query is received.
END

(Terry Manderson) No Objection

Alvaro Retana No Objection

Comment (2016-02-16 for -06)
The Intended Status on the document itself says "Standards Track" (and not Experimental).  It should be changed before approval.

(Martin Stiemerling) No Objection