Re: [kitten] Review of draft-ietf-kitten-krb-service-discovery-00
Matt Rogers <mrogers@redhat.com> Thu, 13 April 2017 19:30 UTC
Return-Path: <mrogers@redhat.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21EAD128D69 for <kitten@ietfa.amsl.com>; Thu, 13 Apr 2017 12:30:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EKzp406YcxsP for <kitten@ietfa.amsl.com>; Thu, 13 Apr 2017 12:30:14 -0700 (PDT)
Received: from mail-qt0-f179.google.com (mail-qt0-f179.google.com [209.85.216.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9906313160F for <kitten@ietf.org>; Thu, 13 Apr 2017 12:30:13 -0700 (PDT)
Received: by mail-qt0-f179.google.com with SMTP id c45so53392368qtb.1 for <kitten@ietf.org>; Thu, 13 Apr 2017 12:30:13 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=gan/KGx+JdX7SjDt3Joo+u8SQmFgZlXMaCPfUR/pWYQ=; b=Lov9vTBhGcRlDxKoGsYjOM5a/xGt69xmIkchErtwEHa+JojKrCgbVpLq2ORtHPuxWa dtSCj46agSzjSczOEPSzb2W/1R1oAiIi/QF1R+9i4HKx47dltWmQBa5AE0nKWnYG9WPD dqsikbNwdUEdFXakIj8+2cpIdrIx+fnbF3bR0nLq8s621GgMEYLBsLAgysCnzClWYB35 rJyep5s0qsTWkGGGbvnPjGIyQjGTIQeCj6FmNPoBJjRg8OsH/PYm6gY0Pt0mbItNDx/X DhU3QTGN/pBGyPFEQJXnPaad/pIkb+4/oKFpwr9/aeTT8qPA1s4iCOGGbsqFBxQVaHvl Qb1w==
X-Gm-Message-State: AN3rC/5BkYoYkrnPw5hgF3BtUTkEArZeIxBDgf0O8x9qu6PskceA7qjh FrnhXgZTnYSf7a8kPeaMSuNwpdTNWHecxW8=
X-Received: by 10.200.52.232 with SMTP id x37mr3979735qtb.34.1492111812656; Thu, 13 Apr 2017 12:30:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.12.175.145 with HTTP; Thu, 13 Apr 2017 12:29:42 -0700 (PDT)
In-Reply-To: <20170412023920.GB30306@kduck.kaduk.org>
References: <20170412023920.GB30306@kduck.kaduk.org>
From: Matt Rogers <mrogers@redhat.com>
Date: Thu, 13 Apr 2017 15:29:42 -0400
Message-ID: <CAAeFVfyG5Aifpzry9Ha-Ddqbt93s7mJanWYar__kj2OJWa8BXg@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: kitten@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/M9SFlktUjPnTBR7XvO9eWBJBPmo>
Subject: Re: [kitten] Review of draft-ietf-kitten-krb-service-discovery-00
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Apr 2017 19:30:16 -0000
On Tue, Apr 11, 2017 at 10:39 PM, Benjamin Kaduk <kaduk@mit.edu> wrote: > In addition to the other thread, I have a few comments from my > read-through, in addition to the issues already raised by others. > > I'm inclined to agree with Greg that specifying a discovery scheme > for a protocol that is not well-specified/interoperable is probably > not worth doing; there was some IESG pushback recently as OAuth was > trying to get an "amr" registry created (similar to our > authentication indicator, in a rough sense), which listed some > schemes like "hotp" without any explanation of how they would work. > Agreed, I am removing the text related to admin services. > We very informally bring in the concept of a "master server" in > section 4.2.1; this is not a term that commonly appears in kerberos > RFCs, so it may be worth indicating that it is a term being newly > defined (or avoiding it altogether). > The updated text for the master flag description should help clarify (see below). > Listing kitten@ietf.org as a Designated Expert is unwise; the > expert(s) should be named individuals selected by the IESG. The > document creating the registry ought to give the IESG some guidance > as to who is qualified to be such an expert, though. The > instructions to the expert can certainly include a three-week period > of public review on the kitten list, though. > Looking at some existing IANA Considerations examples, I might suggest the following: 8. IANA Considerations This document establishes two registries [to be] managed by IANA, in accordance with [RFC5226]. For registration requests the responsible IESG area director should appoint a Designated Expert. The intention is that any allocation will be accompanied by a published RFC. The Designated Expert will post a request to the KITTEN WG mailing list (or a successor designated by the Area Director) for comment and review, including an Internet-Draft. Before a period of three weeks has passed, the Designated Expert will either approve or deny the registration request, publish a notice of the decision to the KITTEN WG mailing list or its successor, and inform IANA of its decision. A denial notice must be justified by an explanation and, in the cases where it is possible, concrete suggestions on how the request can be modified so as to become acceptable. > It's sometimes odd to have the IANA considerations be the first > place that certain concepts come up in the document. It may be > clearer to have a table for them in the main body of the text, and > the IANA considerations refer back to that table as being the > initial registry contents. > I'm expanding on the master flag separately from the registry contents and try to clarify its intent; 6.2. Flags ... 6.2.1. Master Flag The "m" flag indicates that the server is a "master". The client SHOULD consider this server as one that might possess more up-to-date long-term key material, and use it as a fallback for errors that might result from out-of-date keys. .... 8.1.2. Initial Registry Contents o Value: m o Description: Master flag o Reference: [This Document] > Something of a nit, but I thought that "MS-KKDCPP" was the > established abbreviation for that specifciation (i.e., with two > 'P's). > The Microsoft documentation and others only refer to it as "MS-KKDCP". Thanks again for your comments, Matt
- [kitten] Review of draft-ietf-kitten-krb-service-… Benjamin Kaduk
- Re: [kitten] Review of draft-ietf-kitten-krb-serv… Matt Rogers