Re: [kitten] I-D Action: draft-vanrein-dnstxt-krb1-00

Benjamin Kaduk <kaduk@MIT.EDU> Mon, 27 October 2014 18:14 UTC

Date: Mon, 27 Oct 2014 14:13:55 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Rick van Rein <rick@openfortress.nl>
In-Reply-To: <4CFD0017-B1F0-48C5-8ED8-21EFD770C5EC@openfortress.nl>
Message-ID: <alpine.GSO.1.10.1410271322190.27826@multics.mit.edu>
References: <4CFD0017-B1F0-48C5-8ED8-21EFD770C5EC@openfortress.nl>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/lGz1SijD9cgu_rq1uaC0TCGh10E
Cc: kitten@ietf.org
Subject: Re: [kitten] I-D Action: draft-vanrein-dnstxt-krb1-00

On Sun, 19 Oct 2014, Rick van Rein wrote:

> Hello,
>
> After a discussion on kerberos@mit.edu about the TXT records that never made it into a standard, we realised that the recent success of DNSSEC provides a new opportunity for this dnsname-to-realmname mapping.  Below is a proposal to that end.
>
> Title: Finding the Kerberos Realm of a Service in DNS
> Draft: draft-vanrein-dnstxt-krb1-00
> Location: http://datatracker.ietf.org/doc/draft-vanrein-dnstxt-krb1/
>
> This is part of my endeavour to move Kerberos towards realm crossover, for which finding a service’s realmname can be all but trivial.
>
> Any comments on this are highly appreciated!

It might be good to also solicit feedback from the DNS types; I'm not
actually sure if that means dnsop@ietf.org or somewhere else.  (I am not a
DNS type, so my comments will be limited in scope.)

In section 4, does "the client MUST dismiss any DNS responses that are not
Insecure, Bogus or Indeterminite" have an extra 'not'?

I don't really understand the case-mapping text in the second paragraph of
section 6.1 (there don't seem to be any examples that use it).

Also in 6.1, I don't think the phrase "it is useless to lookup a Kerberos
ticket for ftp.example.com" is a valid use of "kerberos ticket".

"multilple" is a typo


-Ben
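As an added illustration of the point Ben raises about section 4 (a client should only trust a DNS-derived realm when the answer validated as Secure), here is a small, self-contained Python sketch that is not from the draft or from either correspondent. It builds a constructed DNS response carrying a TXT record, and accepts the realm only when the resolver marked the answer with the AD (Authenticated Data) bit; the `_kerberos.<host>` owner name and the realm string are assumed sample values, not details taken from this message.

```python
import struct

# Constructed sample response (not captured traffic): one question, one TXT
# answer. The owner name and realm below are assumptions for illustration.
def build_response(qname: str, txt: str, ad: bool) -> bytes:
    """Build a minimal DNS response with a single TXT answer for testing."""
    flags = 0x8180 | (0x0020 if ad else 0)            # QR, RD, RA (+ AD)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    question = name + struct.pack("!HH", 16, 1)       # QTYPE=TXT, QCLASS=IN
    rdata = bytes([len(txt)]) + txt.encode()          # one <character-string>
    # 0xC00C is a compression pointer to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    return header + question + answer

def skip_name(msg: bytes, off: int) -> int:
    """Advance past a wire-format name (labels or a compression pointer)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length

def realm_from_response(msg: bytes):
    """Return the realm from the first TXT answer, but only if the resolver
    set AD; an answer without AD (Insecure, Bogus or Indeterminate) is
    dismissed by returning None, as is a response with no TXT answer."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x0020:
        return None
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                  # skip QTYPE, QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 16 and rclass == 1:
            # TXT RDATA is a sequence of length-prefixed <character-string>s;
            # concatenate them to recover the realm name.
            parts, i = [], 0
            while i < len(rdata):
                n = rdata[i]
                parts.append(rdata[i + 1:i + 1 + n].decode())
                i += 1 + n
            return "".join(parts)
    return None
```

The AD bit is only meaningful when the response comes from a validating resolver the client trusts over a path an attacker cannot tamper with (or when the client validates DNSSEC itself); otherwise the flag can be forged along with the TXT data.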