Re: [kitten] Fwd: New Version Notification for draft-vanrein-dnstxt-krb1-05.txt
Rick van Rein <rick@openfortress.nl> Fri, 25 September 2015 12:43 UTC
Message-ID: <56054183.6010401@openfortress.nl>
Date: Fri, 25 Sep 2015 14:43:47 +0200
From: Rick van Rein <rick@openfortress.nl>
To: Greg Hudson <ghudson@mit.edu>
In-Reply-To: <56016C88.6060708@mit.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/5MRG3nk0qeVsLx-JoxCzJueevEU>
Cc: kitten@ietf.org
Hi,

Greg> I do not agree. RFC 4120 says, "Before sending a request to the
Greg> ticket-granting service, the client MUST determine in which realm the
Greg> application server is believed to be registered."

Yes, this is clear enough. Although "believed" leaves some room for wiggling, I agree that this text should not be taken as far as I was hoping to get.

So then, we cannot handle nondeterministic names (such as potentially case-mangled names) when we "believe" in the realm for the application server.

There are now two ways out; one is to continue with PTR and then fixate one realm casing (presumably uppercase) and live with this forevermore. The other is to go back to TXT or KREALM RR, of which TXT is widely preferred.

Given that it is acceptable to the DNS community, TXT is my (light) preference too. The historic use of the _kerberos prefix should distinguish it well enough from other uses of TXT. Perhaps we should give it another try in that form, and fall back to KREALM if that is rejected by DNS people.

If nobody objects, I will soon update my draft text to the TXT form, limiting to only one <character-string> in the TXT field, and not constraining it to be domain-style. I will continue to be strong in requiring DNSSEC, of course.

-Rick
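
The client-side check implied by the TXT form proposed above, as an added example that is not part of the original message or of the draft: it accepts a `_kerberos` TXT answer only if it was DNSSEC-validated and carries exactly one `<character-string>`, and it returns the realm with its case untouched and without requiring domain-style syntax. The function names, the `dnssec_validated` flag (assumed to come from a validating resolver), the UTF-8 decoding and the sample RDATA are assumptions made for illustration.

```python
class RealmLookupError(Exception):
    """Raised when a _kerberos TXT answer must not be used."""


def parse_character_strings(rdata: bytes) -> list[bytes]:
    """Split TXT RDATA into its length-prefixed <character-string>s (RFC 1035)."""
    strings, pos = [], 0
    while pos < len(rdata):
        length = rdata[pos]
        end = pos + 1 + length
        if end > len(rdata):
            raise RealmLookupError("truncated <character-string> in TXT RDATA")
        strings.append(rdata[pos + 1:end])
        pos = end
    return strings


def realm_from_txt(rdata: bytes, dnssec_validated: bool) -> str:
    """Return the realm named by one _kerberos TXT record, or raise."""
    # Without DNSSEC an on-path attacker could steer the client to a realm
    # of their choosing, so an unvalidated answer is treated as no answer.
    if not dnssec_validated:
        raise RealmLookupError("TXT answer was not DNSSEC-validated")
    strings = parse_character_strings(rdata)
    # Exactly one <character-string>: several strings would leave it
    # ambiguous whether to concatenate them or treat them as alternatives.
    if len(strings) != 1:
        raise RealmLookupError(f"expected 1 <character-string>, got {len(strings)}")
    if not strings[0]:
        raise RealmLookupError("empty realm name")
    try:
        # Assumption: realm bytes are decoded as UTF-8. No case folding and
        # no domain-name syntax check, so realm names are used as published.
        return strings[0].decode("utf-8")
    except UnicodeDecodeError as exc:
        raise RealmLookupError("realm name is not valid UTF-8") from exc


# Constructed sample: RDATA of a TXT record holding the single string "EXAMPLE.ORG".
SAMPLE_RDATA = bytes([11]) + b"EXAMPLE.ORG"

if __name__ == "__main__":
    print(realm_from_txt(SAMPLE_RDATA, dnssec_validated=True))
```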