On Wed, Jul 10, 2019 at 10:56:26PM +0200, Benno Overeinder wrote:
> From the feedback on the mailing list, the chairs believe that all
> feedback and comments have been addressed by the authors, either in the
> draft or on the mailing list.

With tremendous apologies for not spending a second on this draft earlier, I
do miss one sentence.  But first, let me state that I (and the camel) are
elated that this draft actually obsoletes documents and doesn't add
substantially to the page count, or might even reduce it (!).

The sentence I miss comes after this first paragraph:

   TSIG was originally specified by [RFC2845].  In 2017, two nameservers
   strictly following that document (and the related [RFC4635]) were
   discovered to have security problems related to this feature.  The
   implementations were fixed but, to avoid similar problems in the
   future, the two documents were updated and merged, producing this
   revised specification for TSIG.

   While TSIG implemented according to this RFC provides for enhanced
   security, there are no changes in interoperability. TSIG is on the wire
   still the same mechanism, only checking semantics have been changed.
   Please see section 10.1 for further details.

Rationale for this new paragraph is that it will save like 10000 questions
on if this TSIG is compatible with the old TSIG, or if software X implements
RFC9xxx TSIG or the old one, and if there is fallback etc.

I fully realize how late my suggestion is.

> This starts a Working Group Last Call process of three weeks and ends
> on: 31 July 2019.

I'm very much in favour of this cleanup and I applaud the authors for doing
the hard work to make it happen.

        Bert

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
