Opened 8 years ago

Closed 8 years ago

#187 closed defect (fixed)


Reported by: jouni.nospam@…
Owned by: jouni.nospam@…
Priority: major
Milestone:
Component: dynamic-discovery
Version:
Severity: -
Keywords:


As a part of the document shepherd PROTO write-up I read the I-D.

In Section 1.3. it is stated:

o much more in-depth guidance on DNS regarding timeouts, failure conditions, alteration of TTLs (not considered for Diameter)

While I agree the I-D is more thorough on DNS related timeouts and failure conditions, the above statement is not entirely true. RFC 6733 has timeout specific text when it comes to the TTL learned from DNS and the lifetime of the discovered server's certificate. This is on the other hand missing from this I-D, i.e. the situation where the TTL would exceed certificate lifetime. I'd like to see this also addressed in the I-D.

Change History (2)

comment:1 Changed 8 years ago by stefan.winter@…

I have changed the sentence to a relative, not an absolute statement:

"much more in-depth guidance on DNS regarding timeouts, failure conditions, alteration of Time-To-Live (TTL) information than the Diameter counterpart"

which makes the sentence more true than before.

On the second part, TTL higher than certificate lifetime, this is out of scope for this specification: this draft specifies an algorithm on extracting connection-relevant data from DNS - and only that. The lifetime of a certificate is learned only later, when this list is used to establish a RADIUS/TLS connection with a discovered endpoint.

The place to put a TTL restriction would thus be RFC6614, chapter "Connection Setup". Unfortunately, that RFC is silent on this matter :-(

Since RFC6614 is currently being discussed for re-issue from Experimental to Standards track, I suggest introducing the corresponding change in that RFC's "bis".

Please let me know if that works for you and close the ticket if so.
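The check the reporter asks for and the placement comment:1 argues for (at connection setup, once the peer's certificate is actually seen) can be shown in a few lines. The following is an added example, not code from the draft, RFC 6614 or RFC 6733; the peer name, port, TTLs and certificate dates are constructed, and the cache expiry rule (the earlier of the DNS TTL expiry and the certificate's notAfter) is the behaviour under discussion, not text taken from either RFC.

```python
"""Bound a discovered RADIUS/TLS peer's cache lifetime by both the DNS TTL and
the peer certificate's validity.

Added example; not code from the draft, RFC 6614 or RFC 6733. Peer names,
ports, TTLs and certificate dates below are constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class DiscoveredPeer:
    """What dynamic discovery yields: a target host/port plus the DNS TTL (seconds)."""
    host: str
    port: int
    ttl: int


@dataclass(frozen=True)
class CacheEntry:
    peer: DiscoveredPeer
    expires_at: datetime
    bound_by: str  # "dns_ttl" or "certificate": whichever limit was tighter


class CertificateNotValid(ValueError):
    """Raised when the presented certificate is outside its validity period."""


def cache_lifetime(peer, discovered_at, cert_not_before, cert_not_after):
    """Decide how long a discovered peer may be cached once its TLS certificate
    has been seen at connection setup.

    The DNS answer alone cannot give this: the certificate lifetime is only
    learned when the RADIUS/TLS connection is established, so the clamp has to
    live in connection setup rather than in the discovery algorithm itself."""
    if not (cert_not_before <= discovered_at < cert_not_after):
        raise CertificateNotValid(
            f"{peer.host}: certificate valid {cert_not_before:%Y-%m-%d} to "
            f"{cert_not_after:%Y-%m-%d}, checked at {discovered_at:%Y-%m-%d}")
    ttl_expiry = discovered_at + timedelta(seconds=peer.ttl)
    if cert_not_after < ttl_expiry:
        # TTL outlives the certificate: re-discover when the cert expires,
        # not when DNS says so.
        return CacheEntry(peer, cert_not_after, "certificate")
    return CacheEntry(peer, ttl_expiry, "dns_ttl")


def is_usable(entry, now):
    """True while the cached entry may still be used without re-running discovery."""
    return now < entry.expires_at


# --- Constructed scenario (all values hypothetical) ---------------------------
DISCOVERED_AT = datetime(2014, 11, 10, 12, 0, tzinfo=timezone.utc)
CERT_NOT_BEFORE = DISCOVERED_AT - timedelta(days=300)
CERT_NOT_AFTER = DISCOVERED_AT + timedelta(days=2)       # certificate has 2 days left
# 2083/tcp is the RADIUS/TLS port from RFC 6614; the host name is made up.
LONG_TTL_PEER = DiscoveredPeer("radius.example.com", 2083, ttl=7 * 86400)  # DNS: cache 7 days
SHORT_TTL_PEER = DiscoveredPeer("radius.example.com", 2083, ttl=3600)      # DNS: cache 1 hour


def demo():
    """Run the three cases (TTL longer than cert, TTL shorter, cert already
    expired) and return the outcomes for inspection."""
    out = {}
    out["long_ttl"] = cache_lifetime(LONG_TTL_PEER, DISCOVERED_AT,
                                     CERT_NOT_BEFORE, CERT_NOT_AFTER)
    out["short_ttl"] = cache_lifetime(SHORT_TTL_PEER, DISCOVERED_AT,
                                      CERT_NOT_BEFORE, CERT_NOT_AFTER)
    try:
        cache_lifetime(LONG_TTL_PEER, DISCOVERED_AT, CERT_NOT_BEFORE,
                       DISCOVERED_AT - timedelta(days=1))
        out["expired"] = "accepted"
    except CertificateNotValid:
        out["expired"] = "rejected"
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the seven-day TTL the entry is bound by the certificate and expires two days after discovery; with the one-hour TTL the DNS value wins. An already-expired certificate is rejected outright rather than cached with a negative lifetime, which is the failure mode a connection-setup rule in an RFC 6614 bis would need to spell out.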

comment:2 Changed 8 years ago by jouni.nospam@…

  • Resolution set to fixed
  • Status changed from new to closed

Based on the discussion in the IETF91 RADEXT WG meeting, I am happy with the current text in -12.
