Re: [kitten] Review of draft-ietf-kitten-krb-service-discovery-00

"Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu> Tue, 21 March 2017 20:16 UTC

From: "Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu>
In-Reply-To: <x7dzige39sj.fsf@equal-rites.mit.edu>
Date: Tue, 21 Mar 2017 13:16:26 -0700
Cc: kitten@ietf.org
Message-Id: <3FD27BFF-5090-4505-852C-E8766BBAA93B@oxy.edu>
References: <x7dzige39sj.fsf@equal-rites.mit.edu>
To: Greg Hudson <ghudson@MIT.EDU>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/SeiHUhGTReMVH8x5SQKNsbmTd18>

> On Mar 21, 2017, at 8:54 AM, Greg Hudson <ghudson@MIT.EDU> wrote:
> 
> Section 7 (Kerberos Admin Service Discovery):
> 
> * There is no standard admin protocol, even a de facto one (well,
>  Heimdal has some interoperability with MIT krb5).  It doesn't make a
>  lot of sense to specify a standard discovery protocol when there is no
>  standard for what is being discovered.  I think we want to leave this
>  as an implementation-specific aside.

Mildly disagree.

Mainly because there is RFC 6860. As a weaker argument, I still think it makes sense to specify how to find the admin service, even if the details of that service are “implementation specific”.

Of course, having done that much, one wonders if we couldn’t specify an interoperable subset of an admin protocol which implements “enough of” 6860... Experience with 6860 would suggest there isn’t sufficient interest to support that effort though.

>  This change would have an impact on section 9.2.1 (removing the
>  default admin service port) and 9.2.2.

Personal email.  hbhotz@oxy.edu