Re: [Ietf-krb-wg] Late Last Call Comment: draft-ietf-krb-wg-naming-04.txt

Larry Zhu <lzhu@windows.microsoft.com> Sun, 27 July 2008 14:00 UTC

From: Larry Zhu <lzhu@windows.microsoft.com>
To: Sam Hartman <hartmans-ietf@mit.edu>, "ietf@ietf.org" <ietf@ietf.org>
Date: Sun, 27 Jul 2008 07:00:35 -0700
Message-ID: <AB1E5627D2489D45BD01B84BD5B90046061C497D5C@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com>
References: <tsld4ppmojl.fsf@mit.edu>
In-Reply-To: <tsld4ppmojl.fsf@mit.edu>
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Late Last Call Comment: draft-ietf-krb-wg-naming-04.txt

The proposed text looks good.

--larry

-----Original Message-----
From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Sam Hartman
Sent: Thursday, March 20, 2008 7:57 AM
To: ietf@ietf.org
Cc: ietf-krb-wg@anl.gov
Subject: [Ietf-krb-wg] Late Last Call Comment: draft-ietf-krb-wg-naming-04.txt

I think there is a minor ambiguity in the naming draft:

>Consequently, unless otherwise
>   specified, a well-known Kerberos realm name MUST NOT be present in transited encoding

Who enforces this requirement?  That's an important question because
it controls who needs to support the specific well known realm in
order for it to be used.

In general using passive voice for such requirements is a really bad idea.

I'd recommend something like: Unless otherwise specified, parties
checking the transited realm path MUST reject a transited realm path
that includes a well known realm.  In the case of KDCs checking the transited realm path, this means that the transited policy checked flag MUST NOT be set in the resulting ticket.

In particular, that means that a KDC that is not checking transited
realm paths is not encouraged to reject a request simply because the
realm is an unknown well known realm.

--Sam
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
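The rule Sam proposes above, written out as a small checker; this is an added example, not code from the draft or from any Kerberos implementation. It expands the RFC 4120 DOMAIN-X500-COMPRESS transited encoding, rejects a path that names a well-known realm only when the checking party actually checks transited paths, and otherwise leaves the TRANSITED-POLICY-CHECKED flag clear. It assumes that well-known realm names carry the `WELLKNOWN:` prefix (the draft's convention, not stated in this thread) and, as a conservative choice, that a path with unlisted intermediate realms cannot be marked as policy-checked.

```python
from dataclasses import dataclass

# Assumption (not stated in the thread): well-known realm names carry this
# prefix, as the naming draft defines them (e.g. WELLKNOWN:ANONYMOUS).
WELL_KNOWN_PREFIX = "WELLKNOWN:"

def expand_transited(encoded: str) -> list[str]:
    """Expand an RFC 4120 DOMAIN-X500-COMPRESS transited string into realm names.
    Trailing '.' prepends to the previous realm, leading '/' appends to it, a leading
    space means the name stands alone, and an empty subfield (",,") stands for
    realms traversed but not listed; it is kept as "" so the caller can see it."""
    elements, cur, i = [], "", 0
    while i < len(encoded):                      # split on unescaped ','
        if encoded[i] == "\\" and i + 1 < len(encoded):
            cur += encoded[i + 1]; i += 2; continue
        if encoded[i] == ",":
            elements.append(cur); cur = ""
        else:
            cur += encoded[i]
        i += 1
    elements.append(cur)
    realms, prev = [], ""                        # realm before the first one is ""
    for el in elements:
        if el == "":
            realms.append(""); continue           # wildcard: realms not listed
        if el.startswith(" "):
            full = el[1:]                         # " /COM/DEC" stands by itself
        elif el.endswith("."):
            full = el + prev                      # "MIT." after "EDU" -> "MIT.EDU"
        elif el.startswith("/"):
            full = prev + el                      # "/HP" after "/COM" -> "/COM/HP"
        else:
            full = el
        realms.append(full)
        prev = full
    return realms

@dataclass
class TransitedCheck:
    accepted: bool                  # False means the request is rejected
    transited_policy_checked: bool  # value of the TRANSITED-POLICY-CHECKED flag

def check_transited(encoded: str, kdc_checks_transited: bool = True) -> TransitedCheck:
    """A party that checks the transited path MUST reject one naming a well-known
    realm; a KDC that does not check just leaves the flag clear and does not reject."""
    realms = expand_transited(encoded)
    if not kdc_checks_transited:
        return TransitedCheck(accepted=True, transited_policy_checked=False)
    if any(r.startswith(WELL_KNOWN_PREFIX) for r in realms):
        return TransitedCheck(accepted=False, transited_policy_checked=False)
    # Assumption: unlisted intermediate realms cannot be vetted, so the flag stays clear.
    return TransitedCheck(accepted=True, transited_policy_checked="" not in realms)
```

A real KDC would additionally compare the expanded list against its local inter-realm policy; only the well-known realm rule from this thread is modelled here.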