On Wed, 2012-05-23 at 19:12 -0400, Samuel Weiler wrote: > With that said, there are some things that need clarification, and the > doc sorely needs an editorial pass. As-is, the doc is not ready for > publication. I will be happy to review the doc again once it's been > thoroughly edited. It does need copy-editing. As far as I know, the IETF does not have a team of volunteer copy-editors, and multiple attempts to get help from within the working group have met with only limited success (most notably in the form of help from Stephen, who did quite a bit of work on this before starting on his AD review). If anyone wants to volunteer to spend some time on helping to clean up this document, let me know. Otherwise, I think our only options are either to ask the paid editors at the RFC production center to take a stab, or block an otherwise completed document on cycles that may never appear. > Section 7 uses the term "TGT" without expansion. In the Kerberos > world I can't imagine someone not knowing what this is, but it's not > clear to the layman. It probably needs to be expanded. It does; I somehow missed that in my review. > The algorithm in section 4.1 needs work. The obvious thing is to read > it linearly. Doing that, one would prefer DHCP over DNS SVR info (per > step 2), which is not what step 6 and the graphic say. The algorithm is fine, but the description requires careful reading. Step 2 kicks in only if you get a DHCP response containing Kerberos configuration but no nameservers. > Saying "no answer from the DNS server" is probably not the desired > semantic. There are only two branches here. Either you get a response containing one or more relevant SRV RRs, or you don't. The latter is phrased as "no answer from the DNS server", but is meant to also include errors and empty responses. A suggestion for how to word this better would be welcome. > In 3.4, the option-len field is ambiguous. It says "24-octet + the > length of the realm-name field in octets." But it looks to me like > this option is 27 octets + length of realm name. Perhaps it would be > better to just count the length of the realm name? Yes, the description is wrong; the correct length is _23_ plus the length of the realm. The 16-bit option code and length are part of the DHCPv6 protocol; unless I'm misremembering, the length is the length of the option payload (that is, excluding the two header fields). Thanks for taking the time to review this. -- Jeff