Alissa Cooper
2018-12-05 16:27:51 UTC
Alissa Cooper has entered the following ballot position for
draft-ietf-alto-xdom-disc-04: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-alto-xdom-disc/
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
Section 6.4: It seems that people's understanding of the kind of threat
described in this section has changed somewhat since 2009 when RFC 5693 was
published. For example, work to provide confidentiality protection for DNS
client requests to recursive resolvers (DoT and DoH) has occurred in the time
since then, and the information revealed by such requests is arguably less
sensitive than the information sent by ALTO clients. I don't know if the
applicability of DoT/DoH to NAPTR has been written about anywhere, but at a
minimum it seems that this is worthy of some discussion here.
draft-ietf-alto-xdom-disc-04: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-alto-xdom-disc/
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
Section 6.4: It seems that people's understanding of the kind of threat
described in this section has changed somewhat since 2009 when RFC 5693 was
published. For example, work to provide confidentiality protection for DNS
client requests to recursive resolvers (DoT and DoH) has occurred in the time
since then, and the information revealed by such requests is arguably less
sensitive than the information sent by ALTO clients. I don't know if the
applicability of DoT/DoH to NAPTR has been written about anywhere, but at a
minimum it seems that this is worthy of some discussion here.