On Mon, Sep 13, 2010 at 10:18:00AM -0600, Peter Saint-Andre wrote: > On 9/9/10 1:36 PM, Stefan Santesson wrote: > > On 10-09-09 8:38 PM, "Shumon Huque" <shuque@xxxxxxxxxxxxx> wrote: > > > >> Earlier in RFC 4985, it says: > >> > >> The SRVName, if present, MUST contain a service name and a domain > >> name in the following form: > >> > >> _Service.Name > >> > >> The content of the components of this name form MUST be consistent > >> with the corresponding definition of these components in an SRV RR > >> according to RFC 2782 > >> > >> I think this was actually clear enough. The subsequent statement that > >> Name is "The DNS domain name of the domain where the specified service > >> is located." (which could mean any of a number of things) confused the > >> issue, and probably should not have been in the document. > > > > Agreed, but since it will be an errata, the text must be corrected. > > > > Do you agree with my proposal? > > > > "The DNS domain name of a domain for which the certified subject > > is authorized to provide the identified service." > > Authorized by whom? I *think* that here the DNS domain name is one that > the certified subject has itself authorized (perhaps even "established" > is better) to provide the desired service. Therefore I suggest an > alternative wording: > > "A DNS domain name which the certified subject has > authorized to provide the identified service." > > Peter I don't think the term "authorized" makes the situation any clearer. Let's take a concrete example: an IMAP client attempting to connect to and use the IMAP service at "example.com". It needs to lookup the "_imap._tcp.example.com." DNS SRV record to figure out which servers and ports to connect to. And in the presented certificate, it needs to expect to find an SRVName identifier with "_imap.example.com" as its contents, where the _Service and Name components were the same ones it used in the SRV query. There is no need to figure out who authorized what. -- Shumon Huque University of Pennsylvania. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf