On Wed, 2012-05-23 at 19:12 -0400, Samuel Weiler wrote:
With that said, there are some things that need clarification, and the
doc sorely needs an editorial pass. As-is, the doc is not ready for
publication. I will be happy to review the doc again once it's been
thoroughly edited.
It does need copy-editing. As far as I know, the IETF does not have a
team of volunteer copy-editors, and multiple attempts to get help from
within the working group have met with only limited success (most
notably in the form of help from Stephen, who did quite a bit of work on
this before starting on his AD review). If anyone wants to volunteer to
spend some time on helping to clean up this document, let me know.
Otherwise, I think our only options are either to ask the paid editors
at the RFC production center to take a stab, or block an otherwise
completed document on cycles that may never appear.
Section 7 uses the term "TGT" without expansion. In the Kerberos
world I can't imagine someone not knowing what this is, but it's not
clear to the layman. It probably needs to be expanded.
It does; I somehow missed that in my review.
The algorithm in section 4.1 needs work. The obvious thing is to read
it linearly. Doing that, one would prefer DHCP over DNS SVR info (per
step 2), which is not what step 6 and the graphic say.
The algorithm is fine, but the description requires careful reading.
Step 2 kicks in only if you get a DHCP response containing Kerberos
configuration but no nameservers.
Saying "no answer from the DNS server" is probably not the desired
semantic.
There are only two branches here. Either you get a response containing
one or more relevant SRV RRs, or you don't. The latter is phrased as
"no answer from the DNS server", but is meant to also include errors and
empty responses. A suggestion for how to word this better would be
welcome.
In 3.4, the option-len field is ambiguous. It says "24-octet + the
length of the realm-name field in octets." But it looks to me like
this option is 27 octets + length of realm name. Perhaps it would be
better to just count the length of the realm name?
Yes, the description is wrong; the correct length is _23_ plus the
length of the realm. The 16-bit option code and length are part of the
DHCPv6 protocol; unless I'm misremembering, the length is the length of
the option payload (that is, excluding the two header fields).
Thanks for taking the time to review this.
-- Jeff