ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Review of draft-saintandre-tls-server-id-check

2010-09-08 17:11:12
from [Peter Saint-Andre] [Permanent Link] 
On 9/8/10 2:09 AM, t.petch wrote:

[TP]inline

----- Original Message -----
From: "Bernard Aboba" <bernard_aboba(_at_)hotmail(_dot_)com>
To: <daedulus(_at_)btconnect(_dot_)com>; <ietf(_at_)ietf(_dot_)org>; 
<stpeter(_at_)stpeter(_dot_)im>
Sent: Monday, September 06, 2010 8:48 PM

That was in fact my original question.

Section 5.1 states that the source domain and service type MUST be
provided by a human user, and can't be derived.  Yet in an SRV or
DDDS lookup, it is not the source domain that is derived, it is the
target domain.  Given that, it's not clear to me what types of DNS
resolutions are to be discouraged.

[TP]  Right, I see what you mean.

The DNS resolution I had in mind, if it is a resolution, is that while the
interactive user had specified a DNS name and that name had been fed into a 
DNS
Query, then the SRV record had been returned as an Additional RR, not as an
Answer, and that the Name from this Additional RR was now being used as the
source domain for the purposes of this I-D.  Which section 5.1 might be trying
to preclude.


Aha, I see the source of confusion. I think the first sentence of
Section 5.1 is better written as follows:

   When the connecting application is an interactive client,
   construction of the reference identifier SHOULD be based on the
   source domain and service type provided by a human user (e.g. when
   specifying the server portion of the user's account name on the
   server or when explicitly configuring the client to connect to a
   particular host or URI as in [SIP-LOC]) and SHOULD NOT be based on a
   target domain derived from the user inputs in an automated fashion
   (e.g., a host name or domain name discovered through DNS resolution
   of the source domain).

We want to make sure that the reference identifier is based on the
source (user-provided) domain, not the target (automatically-derived)
domain, except perhaps in several well-defined and carefully-limited
scenarios.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: My comments to the press about RFC 2474, Richard Bennett
Next by Date:  Re: The Evils of Informational RFC's, Richard Bennett
Previous by Thread:  Re: Review of draft-saintandre-tls-server-id-check, t.petch
Next by Thread:  RE: Review of draft-saintandre-tls-server-id-check, Bernard Aboba
Indexes:  [Date] [Thread] [Top] [All Lists]