Draft: draft-hollenbeck-epp-secdns-07.txt Reviewer: Lakshminath Dondeti [ldondeti@qualcomm.com] Review Date: Wednesday 7/6/2005 3:30 PM CST Telechat Date: 7/7/2005 Summary: This draft is ready for publication. Notes: I must admit that I don't know a whole lot about DNSSEC or XML, so I wouldn't know if anything is amiss in the examples in the specification. That said, the document is well-organized and well-written. I do have one question on EPP error responses and another on related security considerations: In several places in the draft there are references to EPP error responses. There is one place where a result code is given (urgent attribute cannot be completed with high priority uses 2306), but in other places, the draft simply says use appropriate error response. Perhaps the applicable error codes might be listed in all places. The other question is whether the error responses themselves are integrity protected (I took a quick look at RFC 3730's security considerations, but did not find any notes on this). If not, the security considerations section might say that it is plausible for a MiTM to send a bogus error response.