Talk:DNS Certification Authority Authorization/GA1

GA Review
The edit link for this section can be used to add comments to the review.''

Reviewer: RonaldDuncan (talk · contribs) 16:03, 5 June 2018 (UTC)

My first impression is that the article is a little light/too short, and that a diagram would be a big help in getting over the concept. It would be good to provide some more references whilst expanding the article. e.g the RFC is 18 pages long and has a list of references. RonaldDuncan (talk) 16:03, 5 June 2018 (UTC)
 * Hey! Thank you for taking this on. There are three areas of concern that I anticipate for this nomination:
 * The article is a little short on prose, stemming partially from the limited size of the subject area, and partially from my difficulty as a subject-matter expert in using extra prose to make the article understandable.
 * The article has less reliable sources than ideal, again stemming from the small amount of writing in the area – most search results are general how-to guides from certificate authorities.
 * The article is missing a proper lead, and as a result is a little confused with the story it's trying to tell.
 * I think that with your kind advice here, I can rewrite and restructure as necessary, and get this article up to GA standard during the course of this review. I will have a think about your request for a diagram, I may be able to make something but what would you like it to include? The normative references in the RFC are more related to the standards that the RFC depends upon (e.g. CAA is a DNS record, so it needs a normative reference to the DNS standard), rather than directly relevant to CAA at all. TheDragonFire (talk) 13:32, 6 June 2018 (UTC)
 * Hi I did a quick google and found https://www.slideshare.net/MenandMice/the-caarecord-for-increased-encryption-security which has a lot of diagrams on the process. You could see which ones you think would enhance the article, and have a look for other images.  The images search may well help you find some other sources, since they will probably be part of articles on the process.  The how-to guides from the certificate authorities are helpful, there is already one in the article as a reference.  It is a bit of a challenge this part, but since the standard was written by two people that work for Comodo, and Comodo is referenced as the CA that did not have it working for the introduction that is part of life's rich problems. RonaldDuncan (talk) 13:45, 6 June 2018 (UTC)
 * Can I just clarify, are you planning to complete a full review against the good article criteria? GA criteria 6 is only applicable if media with acceptable copyright status is appropriate and readily available, which it is not (copyright issues, and most graphics are very poor quality). I'm happy to look into creating something myself, but that should not stop this review progressing (no worries at all if you are just taking your time). I've fixed the lead a little. TheDragonFire (talk) 17:07, 6 June 2018 (UTC)
 * Hi am going to do a full review against the criteria. I just wanted to be upfront with the things that I thought were likely to be issues.RonaldDuncan (talk) 18:14, 6 June 2018 (UTC)

Hi I have done a full review against the criteria, I still think that the issue that we have both raised of the shortness of the article is an issue. Your thoughts are welcome RonaldDuncan (talk) 14:30, 7 June 2018 (UTC)
 * Thanks a lot for this. I will try to work on ironing out criteria 2b and 3 over the next few days. TheDragonFire (talk) 14:38, 7 June 2018 (UTC)
 * Okay so I had to make a bunch of changes. I've removed the support table because it was apparently conflating several different classes of DNS software, and ignored the fact that DNS servers are very easily configured to serve new resource records types even if they don't "know" about them. I found several new sources, and I'm now confident that I've got a source to back up everything that's said in the article. One of these sources is a timeline of TLS history that clarified a few things for me, and now the Background section is a more accurate as a result. The total length of the article hasn't really gone up, but there is now slightly more information presented more concisely. I think this is everything that's covered in reliable sources now, part of why I choose this for a GA is that it's a very narrow topic. Things like HTTP Public Key Pinning (my possible next GA) have a lot more meat to them. If you could take a look and tell me how you feel about it, that would be appreciated. TheDragonFire (talk) 13:43, 9 June 2018 (UTC)
 * Thanks for all the additional work. I think we agree that a long article on this topic is not appropriate, so the question is how long is a good article.  I think an answer is the right length for the subject, and so this is a good article.  Let me know if you agree or disagree :) RonaldDuncan (talk) 16:03, 11 June 2018 (UTC)
 * I'm happy to pass this now if you are. TheDragonFire (talk) 16:07, 11 June 2018 (UTC)

OK I had a look at Article_size and since it is over 1K (10k), I think it is OK to pass as a good article. Interested in any other editors opinions, otherwise I will pass as a good article tomorrow. RonaldDuncan (talk) 16:16, 11 June 2018 (UTC)
 * You're generally my goto GAN ninja. Do you have a moment to sanity check this? TheDragonFire (talk) 17:43, 11 June 2018 (UTC)


 * Article size should not be an issue. It is more whether the reviewer thinks anything is missing. Not familiar enough with the topic to offer an opinion on this myself, but a google search could help. Remember good articles are not perfect, or even great, so there can be some gaps if they are minor or unsourcable. It is ultimately up to the reviewer. Since I was pinged I will say I am not too enthused about the unsourced WP:example farm. Seems a bit like original research to me. Any other specific questions feel free to re ping me. AIRcorn (talk) 16:17, 13 June 2018 (UTC)


 * Thanks and sorry  that tomorrow has turned into 11 days.  I think it is a good article, and will go ahead on that basis.  I have one suggestion for improvement which is around why this is required which could be expanded with links to some of the issues around certificate compromise.  DigiNotar Man-in-the-middle_attack HTTP_Public_Key_Pinning Comodo_Group some background links on the results (just observations not for article) https://www.trustwave.com/Resources/SpiderLabs-Blog/Intercepting-SSL-And-HTTPS-Traffic-With-mitmproxy-and-SSLsplit/ https://www.techdirt.com/articles/20130910/10470024468/flying-pig-nsa-is-running-man-middle-attacks-imitating-googles-servers.shtml  https://www.eff.org/document/20141228-speigel-analysis-ssl-tls-connections-through-gchq-flying-pig-database RonaldDuncan (talk) 15:39, 22 June 2018 (UTC)
 * I'll have a look at some of that material and see what I can do, although perhaps it might be better editorially to expand Certificate authority instead (perhaps that can be my next GA). Thank you very much for this review. TheDragonFire (talk) 15:50, 22 June 2018 (UTC)
 * I have put it into https://en.wikipedia.org/wiki/Wikipedia:Good_articles/Engineering_and_technology#Cryptography it could be argued that it should be in the Websites and the Internet category. Please change if you think that is a better category for the article :) --expand Certificate authority by all means.  My thought was a few words to explain in this article RonaldDuncan (talk) 15:55, 22 June 2018 (UTC)