[Last-Call] Secdir telechat review of draft-ietf-dnsop-rfc8624-bis-09

Document: draft-ietf-dnsop-rfc8624-bis
Title: DNSSEC Cryptographic Algorithm Recommendation Update Process
Reviewer: Magnus Nyström
Review result: Has Nits

Firstly, I want to thank the authors for doing updates based on my previous
review. There is still one small edit I would like to see: In the Security
Considerations section, when talking about algorithm deprecation due to an
algorithm no longer being cryptographically secure, we went from:

"Therefore, algorithm deprecation must be done very slowly and only after
careful consideration and measurement of its use." (which I felt was in need of
update since "very slowly" is indeterminate and not even always possible -
e.g., in the case of a catastrophic break of an algorithm)

to:

"Therefore, algorithm deprecation must be done only after careful consideration
and ideally slowly when possible."

The new statement is clearly better, but I still feel that the "and ideally
slowly when possible" part is needless and potentially confusing. "Careful
consideration" to me implies that you go slow, if possible. And there is also
the preceding sentence: "Retiring an algorithm too soon would result in a zone
signed with the retired algorithm being downgraded to the equivalent of an
unsigned zone" which calls for a measured approach, if possible. So, while I
would rather not include that sentence ending, it is no longer an issue for me.

Thanks,

