I have a couple of high-level comments on rfc2845bis-01:

- Section 11.1 and Appendix B say "the MAC must be considered to be
  invalid until it was validated". This is fine, but it was not
  immediately clear to me specifically how RFC2845 was updated based
  on this principle until I actually compared the RFC and the draft
  closely and found the key difference in the "Server TSIG checks"
  section:

  RFC2845:
    [...] The server MUST perform the following checks in the
    following order, check KEY, check TIME values, check MAC.

  rfc2845bis-01:
    [...] The server MUST perform the following checks in the
    following order, check Key, check MAC, check Time values, check
    Truncation policy.

  I suggest clarifying the relationship between the principle and the
  actual protocol change either in Section 11.1 or in Section 6.5, or
  in both.

- Regarding the author list (noted in Appendix B):

    Authors of original documents were moved to Acknowledgments
    (Appendix A).

  If not done yet, I suggest contacting the authors of the previous
  RFCs to confirm this is okay. Previously I experienced a case where
  an author of the original RFC was not comfortable with being removed
  from the author list in a bis doc.

And, one minor typo in Section 4.3:

   * Time Signed - the The Time Signed field specifies seconds since
     00:00 on 1970-01-01 UTC.

'The' should be removed.

--
JINMEI, Tatuya
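The reordering discussed in the message above, as an added example that is not part of the original message or of the draft: a simplified Python model that runs the same request through both check orders and reports the first failing check. The key name, secret, timestamps, the 16-octet minimum MAC length and the digest input layout are assumptions constructed for illustration, not the TSIG wire format; the returned strings are the TSIG error names used as labels.

```python
import hashlib
import hmac

def compute_mac(key, message, time_signed, fudge):
    # Simplified stand-in for the TSIG digest input (assumption, not wire format).
    data = message + time_signed.to_bytes(6, "big") + fudge.to_bytes(2, "big")
    return hmac.new(key, data, hashlib.sha256).digest()

def check_key(req, keys, now):
    return None if req["key_name"] in keys else "BADKEY"

def check_mac(req, keys, now):
    expected = compute_mac(keys[req["key_name"]], req["message"], req["time_signed"], req["fudge"])
    mac = req["mac"]
    ok = len(mac) > 0 and hmac.compare_digest(expected[:len(mac)], mac)
    return None if ok else "BADSIG"

def check_time(req, keys, now):
    # time_signed and fudge are sender-supplied; they are trustworthy only after check_mac.
    return None if abs(now - req["time_signed"]) <= req["fudge"] else "BADTIME"

def check_truncation(req, keys, now, min_len=16):
    # min_len is a hypothetical local policy value.
    return None if len(req["mac"]) >= min_len else "BADTRUNC"

RFC2845_ORDER = (check_key, check_time, check_mac)
BIS01_ORDER = (check_key, check_mac, check_time, check_truncation)

def first_failure(req, keys, now, order):
    for check in order:
        error = check(req, keys, now)
        if error:
            return error
    return "NOERROR"

# Constructed sample data.
KEYS = {"example-key.": b"constructed-shared-secret"}
NOW = 1_700_000_000

def make_request(time_signed, key=KEYS["example-key."], fudge=300, message=b"constructed DNS message"):
    return {"key_name": "example-key.", "message": message, "time_signed": time_signed,
            "fudge": fudge, "mac": compute_mac(key, message, time_signed, fudge)}

VALID = make_request(NOW)
FORGED_STALE = make_request(NOW - 86_400, key=b"sender-without-the-real-key")
```

With the RFC2845 order the unauthenticated, stale request is answered on the basis of its time values (BADTIME) before its MAC has been looked at; with the rfc2845bis-01 order it is rejected as BADSIG and the time values are never evaluated.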