RFC Errata
Found 1 record.
Status: Held for Document Update (1)
RFC 3495, "Dynamic Host Configuration Protocol (DHCP) Option for CableLabs Client Configuration", March 2003
Source of RFC: dhc (int)
Errata ID: 4128
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Bernie Volz
Date Reported: 2014-10-10
Held for Document Update by: Brian Haberman
Date Held: 2015-04-22
Section 5.5. says:
The PacketCable architecture requires an MTA to authenticate itself
to the TSP's network via the Kerberos protocol. A Kerberos Realm
name is required at the MTA to permit a DNS lookup for the address of
the TSP's Kerberos Key Distribution Center (KDC) entity.
The Kerberos Realm name MUST be encoded per the domain style realm
name described in RFC 1510 [5]. This realm name MUST be all capital
letters and conform to the syntax described in RFC 1035 [3] section
3.1. The sub-option is encoded as follows:
Code Len Kerberos Realm Name
+-----+-----+-----+-----+ +-----+
| 6 | n | k1 | k2 |...| kn |
+-----+-----+-----+-----+ +-----+
It should say:
The PacketCable architecture requires an MTA to authenticate itself
to the TSP's network via the Kerberos protocol. A Kerberos Realm
name is required at the MTA to permit a DNS lookup for the address of
the TSP's Kerberos Key Distribution Center (KDC) entity.
The Kerberos Realm name MUST be use a domain style realm name
described in RFC 1510 [5]. This realm name MUST be all capital
letters and be encoded as described in RFC 1035 [3] section 3.1.
The sub-option is encoded as follows:
Code Len Kerberos Realm Name
+-----+-----+-----+-----+ +-----+
| 6 | n | k1 | k2 |...| kn |
+-----+-----+-----+-----+ +-----+
Where k1...kn is the "DNS wire" encoded realm name (see RFC 3315,
section 8). Thus, the realm "BASIC.1" is encoded as
"\005BASIC\0011\000".
Notes:
This text is not completely clear about how the realm name is to be encoded - as a 'string' or 'fqdn'.
RFC 1510 states:
Kerberos realms are encoded as GeneralStrings. Realms shall not
contain a character with the code 0 (the ASCII NUL). Most realms
will usually consist of several components separated by periods (.),
in the style of Internet Domain Names, or separated by slashes (/) in
the style of X.500 names.
And the reference to RFC 1035 section 3.1 is "conform to the syntax" which isn't the same as use this encoding - though I do agree that section 3.1 is mostly about "DNS wire encoding". It is just the use of "encoded" and "confirm to the syntax" combination that makes this unclear.
It is believed that the intended encoding is in DNS wire format. And, this should be clarified.