I have a couple of high-level comments on rfc2845bis-01:

- Section 11.1 and Appendix B say "the MAC must be considered to be
  invalid until it was validated".  This is fine, but it was not
  immediately clear to me specifically how RFC2845 was updated based
  on this principle until I actually compared the RFC and the draft
  closely and found the key difference in the "Server TSIG checks"
  section:
  RFC2845:
   [...]  The server MUST perform the following checks in the
   following order, check KEY, check TIME values, check MAC.

  rfc2845bis-01:
   [...]  The server MUST perform the following checks in the
   following order, check Key, check MAC, check Time values, check
   Truncation policy.

  I suggest clarifying the relationship between the principle and the
  actual protocol change either in Section 11.1 or in Section 6.5, or
  in both.

- Regarding the author list (noted in Appendix B):

      Authors of original documents were moved to Acknowledgments
      (Appendix A).

  If not done yet, I suggest contacting the authors of the previous RFCs to
  confirm this is okay.  Previously I experienced a case where an
  author of the original RFC was not comfortable with being removed
  from the author list in a bis doc.

And, one minor typo in Section 4.3:

         *  Time Signed - the The Time Signed field specifies seconds
            since 00:00 on 1970-01-01 UTC.

'The' should be removed.

--
JINMEI, Tatuya
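
Added example (not part of the original message, and not code from the draft): a simplified Python model of the two check orders quoted above, showing how verifying the MAC before the time values keeps a server from acting on an unauthenticated Time Signed field. The key table, function names, the 300-second fudge, and the reduced MAC input are assumptions made for illustration; real TSIG digests more fields than this.

```python
import hashlib
import hmac
import struct

FUDGE = 300  # assumed permitted clock skew, in seconds
KEYS = {"host.example.": b"constructed-shared-secret"}  # constructed sample key

def compute_mac(key, message, time_signed):
    # Simplified MAC input: message bytes plus Time Signed only.
    data = message + struct.pack("!Q", time_signed)
    return hmac.new(key, data, hashlib.sha256).digest()

def mac_ok(key, message, time_signed, mac):
    # A truncated MAC is compared against the same-length prefix.
    expected = compute_mac(key, message, time_signed)[:len(mac)]
    return bool(mac) and hmac.compare_digest(expected, mac)

def check_rfc2845_order(key_name, message, time_signed, mac, now):
    """RFC2845 order: check KEY, check TIME values, check MAC."""
    key = KEYS.get(key_name)
    if key is None:
        return "BADKEY"
    # Time Signed is evaluated here before anything has authenticated it.
    if abs(now - time_signed) > FUDGE:
        return "BADTIME"
    if not mac_ok(key, message, time_signed, mac):
        return "BADSIG"
    return "NOERROR"

def check_bis_order(key_name, message, time_signed, mac, now, min_mac_len=32):
    """rfc2845bis-01 order: Key, MAC, Time values, Truncation policy."""
    key = KEYS.get(key_name)
    if key is None:
        return "BADKEY"
    # Nothing in the TSIG record is trusted until the MAC validates.
    if not mac_ok(key, message, time_signed, mac):
        return "BADSIG"
    # From here on, Time Signed and the MAC length are authenticated.
    if abs(now - time_signed) > FUDGE:
        return "BADTIME"
    if len(mac) < min_mac_len:
        return "BADTRUNC"
    return "NOERROR"
```

For a message with a stale Time Signed and a MAC that does not verify, the RFC2845 order answers BADTIME based on a field nobody has authenticated, while the bis order answers BADSIG.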
