Agenda: draft-ietf-dnsext-gss-tsig-06.txt



I'd like to discuss the process for moving this document back
on the rfc editor queue during the call today if possible.
A new notice needs to be sent from iesg-secretary to re-approve it.

Background:
-----------

Last year we approved gss-tsig-05.txt.
When it was at the rfc-editor (during or just before AUTH48) somebody
discovered that the specification was in conflict with the TSIG RFC (RFC 2845).
A notice was sent to RFC editor to hold further processing while the WG
decided how to proceed.

The choices at the time were to either modify the GSS-TSIG protocol, to
modify the TSIG specification to say that the GSS-TSIG behavior is ok,
or something else.

The WG took forever to decide and in the meantime RFC editor asked if they
could just remove the document from their queue to which I responded "ok".

The WG resolution is to modify the TSIG specification to allow the behavior
and to do so by having gss-tsig update the TSIG RFC.
This resulted in this addition from gss-tsig-05 to 06:
> 2.2 Modifications to the TSIG protocol (RFC 2845)
> 
> Modification to RFC 2845 allows use of TSIG through signing server's
> response in an explicitly specified place in multi message exchange
> between two DNS entities even if client's request wasn't signed.
> 
> Specifically Section 4.2 of RFC 2845 MUST be modified as follows.
> 
> Replace:
> "The server MUST not generate a signed response to an unsigned
> request."
> 
> With:
> "The server MUST not generate a signed response to an unsigned request, 
> except in case of response to client's unsigned TKEY query if secret 
> key is established on server side after server processed client's 
> query. Signing responses to unsigned TKEY queries MUST be explicitly 
> specified in the description of an individual secret key establishment 
> algorithm."

Question:
---------

Where should we re-start the process?
The only requirement we have is that an approval notice be sent from 
iesg-secretary to rfc-editor so they can put the document back on the queue.

Do we do this informally?
Do we create an evaluation form and do that part of the approval process?
Do we restart by redoing the IETF last call?

I can live with either one of the choices - we just need to pick one and
move forward.

  Erik