Q: Conflict between TSIG RFC and GSS-API documents

[Ólafur Gudmundsson/DNSEXT co-chair <ogud@ogud.com>]

From the minutes in ATLANTA:


> GSSAPI and TSIG conflict:
>     DNSEXT wg generated TSIG RFC
>     DNSEXT wg processed gssapi TSIG
>         just before rfc editor started 48hour period we got a report
>         that there was a conflict between two the documents.
>         TSIG specifies that TSIG can only be used if original query
>           contains TSIG
>         GSSAPI specifies that last message in TKEY exchange has TSIG
>           last message is empty, and this proves the key negotiated is
>           working from security point of view this is a good thing
>
>         TSIG needs minor updates before advancing to draft standard:
>              is this extensions one of them?
>
> The sense of the room was that this was a reasonable extensions and the
> chair is instructed to take this question to the mailing list.
Does the mailing list agree with this assessment and give
its consensus that the lock on the GSS-API document be lifted ?

Silence will be taken as agreement.

Please post objections before Feb 12'th.

thanks
        Olafur




--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>