I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines a mechanism to provide authenticity and integrity of DNS transactions such as update requests.

My main comment about this document is that it recommends use, and mandates support, of HMAC-SHA1, even truncated HMAC-SHA1. In light of recent cryptanalysis results, e.g.,

- https://eprint.iacr.org/2020/014.pdf
- https://www.mitls.org/downloads/transcript-collisions.pdf

it seems to me that an update to RFC 2845 would be better off not to recommend (or even mandate) use of SHA-1 but rather stronger hash functions such as SHA-256.

Likewise, the statement "longer [authentication values] are believed to be stronger" is potentially misleading as it is the strength of the algorithm, and not the length of its output, that ultimately determines its security.

Thanks,

-- Magnus
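The two points raised in the review (the choice of hash function inside the HMAC, and truncation of the MAC) can be made concrete with a small TSIG-style MAC helper. The code below is an added example written for this page; it is not code from RFC 2845, from the draft under review, or from the reviewer. The algorithm names, the verifier's acceptance policy, the truncation floor (at least half the digest and never fewer than 10 octets) and the sample key and message bytes are all this example's own assumptions.

```python
import hashlib
import hmac

# Hash functions a TSIG-style MAC could be built on. The names are this
# example's own labels, not identifiers taken from the specification.
ALGORITHMS = {
    "hmac-sha1": hashlib.sha1,
    "hmac-sha256": hashlib.sha256,
    "hmac-sha384": hashlib.sha384,
}

# Verifier policy (assumed): a peer may still send HMAC-SHA1, but this
# verifier refuses it and requires a SHA-2 based MAC.
ACCEPTED = frozenset({"hmac-sha256", "hmac-sha384"})


def min_mac_len(algorithm):
    """Smallest truncated MAC this verifier tolerates for `algorithm`:
    at least half the full digest and never fewer than 10 octets
    (an assumed policy for this example)."""
    full = ALGORITHMS[algorithm]().digest_size
    return max(10, full // 2)


def compute_mac(key, algorithm, message, mac_len=None):
    """Return HMAC(key, message) under `algorithm`. If mac_len is given,
    keep only the leading mac_len octets (truncation keeps the prefix)."""
    full = hmac.new(key, message, ALGORITHMS[algorithm]).digest()
    if mac_len is None:
        return full
    if mac_len < min_mac_len(algorithm) or mac_len > len(full):
        raise ValueError("mac_len %d outside [%d, %d] for %s"
                         % (mac_len, min_mac_len(algorithm), len(full), algorithm))
    return full[:mac_len]


def verify_mac(key, algorithm, message, received):
    """Verify a received, possibly truncated, MAC. Returns (ok, reason).
    Policy checks come first so a disallowed algorithm is rejected even
    when the MAC bytes would otherwise match."""
    if algorithm not in ALGORITHMS:
        return False, "unknown algorithm"
    if algorithm not in ACCEPTED:
        return False, "algorithm not accepted by policy"
    full = hmac.new(key, message, ALGORITHMS[algorithm]).digest()
    if len(received) < min_mac_len(algorithm) or len(received) > len(full):
        return False, "MAC length outside policy"
    # Constant-time comparison of the recomputed prefix against what arrived.
    if not hmac.compare_digest(full[:len(received)], received):
        return False, "MAC mismatch"
    return True, "ok"


# Constructed sample input: a shared key and a stand-in for the bytes a
# TSIG MAC would cover (a real MAC covers the DNS message plus TSIG fields).
KEY = bytes(range(32))
MESSAGE = b"constructed-dns-update-bytes;key-name=key.example.;time=0"


def same_length_different_algorithm():
    """HMAC-SHA256 truncated to 20 octets is exactly as long as a full
    HMAC-SHA1 tag; the algorithm, not the tag length, is what differs."""
    sha256_truncated = compute_mac(KEY, "hmac-sha256", MESSAGE, 20)
    sha1_full = compute_mac(KEY, "hmac-sha1", MESSAGE)
    return len(sha256_truncated), len(sha1_full)


if __name__ == "__main__":
    tag = compute_mac(KEY, "hmac-sha256", MESSAGE, 16)
    print("sha256/16:", tag.hex(), verify_mac(KEY, "hmac-sha256", MESSAGE, tag))
    sha1_tag = compute_mac(KEY, "hmac-sha1", MESSAGE)
    print("sha1/full:", sha1_tag.hex(), verify_mac(KEY, "hmac-sha1", MESSAGE, sha1_tag))
    print("tampered:", verify_mac(KEY, "hmac-sha256", MESSAGE + b"x", tag))
    print("lengths (sha256 truncated, sha1 full):", same_length_different_algorithm())
```

The verifier checks the algorithm against its policy before it looks at the MAC bytes, so an HMAC-SHA1 tag is refused regardless of its length, and the length floor is enforced on receipt as well as on generation, so a sender cannot negotiate the check down to a handful of octets.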