Hi all,

This is the dnsdir (early) review for
https://datatracker.ietf.org/doc/draft-ietf-dnsop-ns-revalidation/ version 04.

I've found the document clear in explaining why "Upgrading NS RRset Credibility" and "Delegation Revalidation" are needed.

However when reading Section 3, I feel that this is an explanation of an algorithm and should use RFC 2119 keywords and be more precise. One of the main things I would like to see some text about is what if you _do_ get a response from the child that does have NS records in the auth section? Have you then sent the validation queries for nothing? Or is this indented for intermediate nameservers (only)?

To a lesser extent this also hold true for Section 4, but algorithm is some what simpler there.

The Security Considerations section reads a bit like a mini summery of the document because it duplicates things from Section 2 (Motivation). I think the entire text from Section 6 could be
folded into Section 2 (and insofar it's not already in there). Or say something like "this entire document deals with the security of .....".

Small nit: section 3 currently is just a set of bullet points which looks a bit odd.

Kind regards,
Miek