Hi Marc, My comments are inline below.
On Feb 2, 2025, at 6:31 AM, Marc Blanchet via rssac-caucus <rssac-caucus@icann.org> wrote:
On Feb 2, 2025, at 06:47, Andrew McConachie via rssac-caucus <rssac-caucus@icann.org> wrote:
Dear RSSAC Caucus Members,
Duane, Ray, Ozan, and myself met on Thursday and merged all outstanding suggestions in the document.
https://secure-web.cisco.com/1xUsEtMLvtrEdXz3xvuTJ_78yFFn1ST8lb7R_727rTA8G-_...
This starts a week review of this document. Please review it by Sunday February 9th.
If there are no significant suggestions this document will be sent to the RSSAC for a vote and eventual publication.
Sorry for late review. Good document. Minor suggestions (fine to just ignore them as they may not be appropriate or already discussed):
Indeed I feel the time for some of these comments is now past as the work party had many meetings where the text around these topics were discussed and debated. This is already the second “last call”. However if other caucus members feel the need to reopen these for discussion please speak up.
- "Root hints data should be retrieved …” It seems to me that it would be useful to add a link to where the source of this data is. That way it becomes clear what we are talking about. (Root hints could I think be interpreted in various ways).
As a matter of style the document doesn’t have links in the body text. We do have a footnote just before that which references RSSAC030, which in turn has the URL for the root hints file.
- "“root hints” are a set of addresses which can be used by applications”. While it is theoretically possible that a generic/user/ application may have that data, it is essentially in resolvers. Resolvers are “applications” per se, but I think it is a bit misleading for a normal reader that would see “applications” as any application. I understand that the next sentence talks about the resolvers, but the rest of the paragraph is back to “applications”. I wonder if more specific text should be used such as s/application/name resolving application/ or similar.
As someone who contributed text to this section, I can explain why I think applications is appropriate. It is true that root hints are essential for resolvers, those are not the ones I think need to hear this message. I think resolver developers and operating system maintainers are well-aware of the need to maintain up-to-date hints. I want to make sure we also reach developers of other applications who may be less aware of this need. An example that came up within RSSAC itself was the initial implementation of the RSSAC047 metrics, which had hard-coded root server addresses.
- "RSOs are expected to ensure that a future service address does not have a negative reputation in well-known address reputation databases.”. I understand the idea, but wonder how this is very practical and in fact really useful, as reputation databases are highly dynamic and are based on various heuristics that may lead to false reputation. More over what are the “well-known address reputation databases”: one may identify one where another may identify another. Finally I’m not even sure the community has agreement on what exactly negative reputation means and if the criteria are clear and based on consensus (if yes, then a link could be added as reference to the definition/criteria of reputation). If people really care about saying something like that, then at least make it way less assertive. Ex: s/ensure/review/. s/does not have/is not tainted with/. s/in well-known address reputation databases//.
As I see it, the point of this text is to inform the reader that address reputation is the RSOs responsibility, and is a part of the process for changing an address. Whether it says “ensure” or “review” matters less (to me at least). DW