On Thu, Sep 09, 2010 at 01:39:30AM +0200, Stefan Santesson wrote:
I actually think we made an error in 4985 and that the domain name should be
the domain that the service is authorized to represent.
RFC 4985 is ambiguous here: the definition of the name form says:
"The DNS domain name of the domain where the specified service
is located."
This corresponds to #2 in your example
While the description underneath the definition states:
"The purpose of the SRVName is limited to authorization of service
provision within a domain."
Which corresponds to #1.
I think there should be an errata correcting the definition to be:
"The DNS domain name of a domain for which the certified subject
is authorized to provide the identified service."
As it is now, the RFC is ambiguous.
Earlier in RFC 4985, it says:
The SRVName, if present, MUST contain a service name and a domain
name in the following form:
_Service.Name
The content of the components of this name form MUST be consistent
with the corresponding definition of these components in an SRV RR
according to RFC 2782
I think this was actually clear enough. The subsequent statement that
Name is "The DNS domain name of the domain where the specified service
is located." (which could mean any of a number of things) confused the
issue, and probably should not have been in the document.
--
Shumon Huque
University of Pennsylvania.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf