Hi Miguel, Thanks for the review comments.
> - Section 3 1st paragraph says:
>
>    An anonymous Kerberos realm name MUST NOT be present in
>    the transited field of a ticket.
>
> and later the third paragraph says:
>
>    Note that in this specification, the anonymous principal name and
>    realm are only applicable to the client in Kerberos messages, the
>    server MUST NOT be anonymous in any Kerberos message.
>
> It came to my attention that this text is part of Section 3: "Definitions".
> However, the above paragraphs are not definitions, but normative text. I
> would have expected that the Definitions section contains informative
> definitions that help to understand the draft, but not the normative
> procedures. I suggest to move the above text elsewhere in the draft.

I agree, and I would propose to move the text to the next section.

> - Section 3, anonymous ticket flag:
> The 4th paragraph in Section 3 misses a context with respect to the
> anonymous ticket flag. For example, I would have expected the text to
> answer these questions: Is the anonymous ticket flag a new flag defined by
> this document or defined elsewhere? What is the purpose of this flag?

I would propose to add the following text to clarify.

177a180,182
> This is a new ticket flag that is used to indicate a ticket is an
> anonymous one.
>

Miguel Garcia wrote:
> - Section 4, 1st paragraph, second line. Is the acronym "AS" correct for
> "Authentication Exchange" ??? It looks it could be "AE" instead.
> Later, still in the 1st paragraph, but the 6th and 7th lines, the text
> says: "... in an AS exchange"
> So, if I replace "AS" with "Authenticate Exchange" then the sentence will
> read: "... in an Authentication Exchange exchange", which obviously looks
> bad.

It should be "Authentication Service (AS) exchange". I would propose to add
the missing word "service" to clear this up.

> - Section 4, page 6, third paragraph on that page: There is normative text
> in passive voice, and it wasn't immediately clear to me who is the subject
> of the normative text. The text reads:
>
>    Identity-based authorization data SHOULD NOT be present in an
>    anonymous ticket in that it typically reveals the client's identity.
>
> Presumably this "SHOULD NOT" strength should apply to the TGS, but I am not
> sure. I would suggest to clarify and turn the sentence into active voice.
> Perhaps the same is also applicable to other parts of the draft.

I would propose to change from the passive tone to active tone:

   AS or TGS SHOULD NOT populate identity-based authorization data into an
   anonymous ticket in that such authorization data typically reveals the
   client's identity.

> - Section 5, 1st paragraph on Page 8, reads:
>
>    " ... the initiator must NOT send "
>
> I guess this should be a normative "MUST NOT". If it isn't, then turn it to
> "must not".

You are right. It should be "MUST NOT".

> I think IANA will have trouble to parse the above text. I would suggest the
> following:
>
>    This document defines a new 'anonymous' Kerberos name and a new
>    'anonymous' Kerberos realm based on [KRBNAM]. IANA is requested to add
>    these two values to the Kerberos name and the Kerberos realm registries
>    that are created in [KRBNAM].

This looks good. I would make a few slight changes, and it would read as
follows:

   This document defines a new 'anonymous' Kerberos well-known name and a new
   'anonymous' Kerberos well-known realm based on [KRBNAM]. IANA is requested
   to add these two values to the Kerberos naming registries that are created
   in [KRBNAM].
--larry

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Hutzelman
Sent: Tuesday, March 11, 2008 12:17 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [Ietf-krb-wg] Gen-ART review of draft-ietf-krb-wg-anon-05.txt (fwd)

------------ Forwarded Message ------------
Date: Monday, March 03, 2008 04:52:19 PM +0200
From: Miguel Garcia <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc: General Area Review Team <[email protected]>
Subject: Gen-ART review of draft-ietf-krb-wg-anon-05.txt

I have been selected as the General Area Review Team (Gen-ART) reviewer for
this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please wait for direction from your document shepherd or AD before posting a
new version of the draft.

Document: draft-ietf-krb-wg-anon-05.txt
Reviewer: Miguel Garcia <[EMAIL PROTECTED]>
Review Date: 2008-03-03
IETF LC End Date: 2008-03-07

Summary: The document is ready for publication as a proposed standard RFC.

Comments: Here are some comments you may want to include in a future revision
of the document.

- Section 3 1st paragraph says:

   An anonymous Kerberos realm name MUST NOT be present in
   the transited field of a ticket.

and later the third paragraph says:

   Note that in this specification, the anonymous principal name and
   realm are only applicable to the client in Kerberos messages, the
   server MUST NOT be anonymous in any Kerberos message.

It came to my attention that this text is part of Section 3: "Definitions".
However, the above paragraphs are not definitions, but normative text. I
would have expected that the Definitions section contains informative
definitions that help to understand the draft, but not the normative
procedures. I suggest to move the above text elsewhere in the draft.

- Section 3, anonymous ticket flag:
The 4th paragraph in Section 3 misses a context with respect to the
anonymous ticket flag. For example, I would have expected the text to
answer these questions: Is the anonymous ticket flag a new flag defined by
this document or defined elsewhere? What is the purpose of this flag?
Perhaps the 4th paragraph should start by saying: "This document defines a
new 'anonymous ticket flag' whose purpose is to indicate that a request is
being made anonymous" (or something like that).

- Section 4, 1st paragraph, second line. Is the acronym "AS" correct for
"Authentication Exchange" ??? It looks it could be "AE" instead.
Later, still in the 1st paragraph, but the 6th and 7th lines, the text
says: "... in an AS exchange"
So, if I replace "AS" with "Authenticate Exchange" then the sentence will
read: "... in an Authentication Exchange exchange", which obviously looks
bad.

- Section 4, page 6, third paragraph on that page: There is normative text
in passive voice, and it wasn't immediately clear to me who is the subject
of the normative text. The text reads:

   Identity-based authorization data SHOULD NOT be present in an
   anonymous ticket in that it typically reveals the client's identity.

Presumably this "SHOULD NOT" strength should apply to the TGS, but I am not
sure. I would suggest to clarify and turn the sentence into active voice.
Perhaps the same is also applicable to other parts of the draft.

- Section 5, 1st paragraph on Page 8, reads:

   " ... the initiator must NOT send "

I guess this should be a normative "MUST NOT". If it isn't, then turn it to
"must not".

- Section 8, IANA consideration. The text reads:

   Section 3 defines the anonymous Kerberos name and the anonymous
   Kerberos realm based on [KRBNAM]. The IANA registry for [KRBNAM] need
   to be updated to add references to this document.

I think IANA will have trouble to parse the above text. I would suggest the
following:

   This document defines a new 'anonymous' Kerberos name and a new
   'anonymous' Kerberos realm based on [KRBNAM]. IANA is requested to add
   these two values to the Kerberos name and the Kerberos realm registries
   that are created in [KRBNAM].

Thanks,

Miguel Garcia

--
Miguel A. Garcia
tel:+358-50-4804586
Nokia Siemens Networks
Espoo, Finland

---------- End Forwarded Message ----------
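The review and the reply above discuss four normative rules for anonymous tickets: the anonymous realm must not appear in the transited field, the server must never be anonymous, the anonymous ticket flag marks an anonymous ticket, and the AS or TGS should not place identity-based authorization data in such a ticket. The following is an added example, not text from the draft or from anyone on this thread: a small Python checker that applies those rules to a ticket model, plus the issuing-side step of dropping identity-bearing authorization data. The well-known name and realm strings are the ones in RFC 6112 (the published form of this draft) and are assumed here, as is the set of ad-types treated as identity-bearing; the ticket model only carries the fields the review mentions.

```python
"""Self-check for the anonymous-ticket rules discussed in this thread.

Constructed example (not from the draft or the list): a KDC-side or
test-side validator for the normative statements under review.
"""
from dataclasses import dataclass, field, replace
from typing import List, Tuple

# Well-known anonymous principal name and realm. The draft under review
# does not spell the strings out; these are the values in RFC 6112, the
# published form of draft-ietf-krb-wg-anon, and are assumed here.
ANON_NAME = "WELLKNOWN/ANONYMOUS"
ANON_REALM = "WELLKNOWN:ANONYMOUS"

# Authorization-data types treated as identity-bearing. This is local
# policy (assumed): 128 is AD-WIN2K-PAC as registered in RFC 4120.
IDENTITY_BEARING_AD_TYPES = {128}


@dataclass
class Ticket:
    """Only the ticket fields the review talks about."""
    client_name: str
    client_realm: str
    server_name: str
    server_realm: str
    anonymous_flag: bool = False  # the new 'anonymous' ticket flag
    transited: List[str] = field(default_factory=list)  # realms in the transited field
    authorization_data: List[Tuple[int, bytes]] = field(default_factory=list)


def client_is_anonymous(t: Ticket) -> bool:
    return t.client_name == ANON_NAME


def check_anonymous_ticket(t: Ticket) -> List[Tuple[str, str]]:
    """Return (requirement level, description) for each rule the ticket breaks."""
    findings: List[Tuple[str, str]] = []
    # Section 3: the anonymous realm MUST NOT appear in the transited field.
    if ANON_REALM in t.transited:
        findings.append(("MUST NOT", "anonymous realm present in transited field"))
    # Section 3: only the client may be anonymous, never the server.
    if t.server_name == ANON_NAME or t.server_realm == ANON_REALM:
        findings.append(("MUST NOT", "server principal is anonymous"))
    # The anonymous ticket flag marks an anonymous ticket, so it has to
    # agree with the client principal carried in the ticket.
    if t.anonymous_flag != client_is_anonymous(t):
        findings.append(("MUST", "anonymous ticket flag does not match the client principal"))
    # Section 4 (active-voice form): the AS or TGS SHOULD NOT put
    # identity-based authorization data into an anonymous ticket.
    if t.anonymous_flag:
        leaked = sorted({ad for ad, _ in t.authorization_data if ad in IDENTITY_BEARING_AD_TYPES})
        if leaked:
            findings.append(("SHOULD NOT", f"identity-based authorization data present: ad-types {leaked}"))
    return findings


def strip_identity_authz(t: Ticket) -> Ticket:
    """What an issuing AS/TGS does with the SHOULD NOT: drop identity-bearing
    authorization data from an anonymous ticket; other tickets are untouched."""
    if not t.anonymous_flag:
        return t
    kept = [(ad, v) for ad, v in t.authorization_data if ad not in IDENTITY_BEARING_AD_TYPES]
    return replace(t, authorization_data=kept)


if __name__ == "__main__":
    # Constructed sample ticket that breaks three of the rules at once.
    # ad-type 1 (AD-IF-RELEVANT) stands in for identity-neutral data.
    sample = Ticket(ANON_NAME, "EXAMPLE.COM", ANON_NAME, "EXAMPLE.COM", True,
                    [ANON_REALM], [(128, b"pac-blob"), (1, b"if-relevant")])
    for level, what in check_anonymous_ticket(sample):
        print(f"{level}: {what}")
    print("after strip:", check_anonymous_ticket(strip_identity_authz(sample)))
```

The flag-consistency rule is the checker's reading of the proposed sentence "a new ticket flag that is used to indicate a ticket is an anonymous one"; the other three map directly onto the quoted MUST NOT and SHOULD NOT statements, with the reviewer's question of who the subject is answered the way the reply does (the AS or TGS).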
