[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication
This sounds ok to me. I think it would make good sense to mention clarifications as 'work in progress' using the approach you indicated. It is however important to mention it in some way because many people make the mistake of looking at rfc1510 to find out about Kerberos and don't realise this isn't the latest definition of the protocol. Cheers, Tim. -----Original Message----- From: Linn, John [mailto:jlinn@rsasecurity.com] Sent: 04 June 2004 13:49 To: Tim Alsop; John Kemp Cc: p.madsen@entrust.com; security-services@lists.oasis-open.org Subject: RE: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication Tim wrote, excerpting: >The Kerberos protocol is (as you know) defined in IETF RFC1510, however >(you probably didn't know) it is now defined in a IETF draft called >Kerberos clarifications which obsoletes RFC1510 (see >http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarific a >tions-05.txt). Our documentation needs to reference this correctly. Per the last sentence, this is true but can sometimes be a tricky thing to accomplish. As the general discussion of Internet-Drafts as a document type (http://www.ietf.org/ID.html) states, "Internet-Drafts are not an archival document series. These documents should not be cited or quoted in any formal document. Unrevised documents placed in the Internet-Drafts directories have a maximum life of six months. After that time, they must be updated, or they will be deleted." IETF discussion of revisions and successor drafts to RFC-1510 has been ongoing at least since 1997; while the current clarifications-05 draft has been forwarded to the IESG as a candidate for advancement to RFC, I haven't yet seen any IESG advancement action reported on it. As such, it's still possible that further changes will take place before publication of any subsequent RFC. One common way to handle this in bibliographies is to cite something like "<title of document>, work in progress, IETF <nnn> working group, date.", but (by intent) there's no archival reference that can be assumed stable until RFC publication takes place. --jl
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]