Re: [Curdle] Alissa Cooper's Discuss on draft-ietf-curdle-gss-keyex-sha2-09: (with DISCUSS)
Adam Roach <adam@nostrum.com> Tue, 25 June 2019 17:26 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2860120996 for <curdle@ietfa.amsl.com>; Tue, 25 Jun 2019 10:26:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.679
X-Spam-Level:
X-Spam-Status: No, score=-1.679 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id djh6JZEjwaXM for <curdle@ietfa.amsl.com>; Tue, 25 Jun 2019 10:26:09 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 433D6120916 for <curdle@ietf.org>; Tue, 25 Jun 2019 10:26:09 -0700 (PDT)
Received: from MacBook-Pro.roach.at (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x5PHQ5xl057935 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 25 Jun 2019 12:26:06 -0500 (CDT) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1561483568; bh=yype2QVvgIebnVJ6GoidivhYm3gdrxsyG0rQAp30Jz4=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=Ua2KnTw9A2lP7ewg3RUB3haMQUqd3Sskx+vRFT9SVYRZjTLDxYjfaRdm65E6BCT7P 0Ig3ZnpcZMfVWTN/O+HAK9jiNEt2gQnjdS+7plWX4eP67ntoMdEXrCfm6OebA3YHAn 2lHmsb4iXqWIE7Scd10/BIM8NduZvnd/2d2H298c=
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be MacBook-Pro.roach.at
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Alissa Cooper <alissa@cooperw.in>, draft-ietf-curdle-gss-keyex-sha2@ietf.org, daniel.migault@ericsson.com, curdle-chairs@ietf.org, curdle@ietf.org, The IESG <iesg@ietf.org>
References: <156140748841.17734.7894701055354347252.idtracker@ietfa.amsl.com> <20190624201955.GD48838@kduck.mit.edu> <7c69e798-73ea-e054-7416-20bb7632eb29@nostrum.com> <20190625165308.GT48838@kduck.mit.edu>
From: Adam Roach <adam@nostrum.com>
Message-ID: <00b4aa86-a4de-df63-8a0a-da45876f67fb@nostrum.com>
Date: Tue, 25 Jun 2019 12:26:00 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <20190625165308.GT48838@kduck.mit.edu>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/IIJP2wos5393g2humnUrGrSfmlg>
Subject: Re: [Curdle] Alissa Cooper's Discuss on draft-ietf-curdle-gss-keyex-sha2-09: (with DISCUSS)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jun 2019 17:26:11 -0000
On 6/25/19 11:53 AM, Benjamin Kaduk wrote: > On Tue, Jun 25, 2019 at 11:49:21AM -0500, Adam Roach wrote: >> On 6/24/19 3:19 PM, Benjamin Kaduk wrote: >>> On Mon, Jun 24, 2019 at 01:18:08PM -0700, Alissa Cooper via Datatracker wrote: >>>> Alissa Cooper has entered the following ballot position for >>>> draft-ietf-curdle-gss-keyex-sha2-09: Discuss >>>> >>>> When responding, please keep the subject line intact and reply to all >>>> email addresses included in the To and CC lines. (Feel free to cut this >>>> introductory paragraph, however.) >>>> >>>> >>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >>>> for more information about IESG DISCUSS and COMMENT positions. >>>> >>>> >>>> The document, along with other ballot positions, can be found here: >>>> https://datatracker.ietf.org/doc/draft-ietf-curdle-gss-keyex-sha2/ >>>> >>>> >>>> >>>> ---------------------------------------------------------------------- >>>> DISCUSS: >>>> ---------------------------------------------------------------------- >>>> >>>> "The IESG is considered to be the owner of all these key exchange >>>> methods; this does NOT imply that the IESG is considered to be the >>>> owner of the underlying GSS-API mechanism." >>>> >>>> I don't understand this text. What does it mean for the IESG to be the owner of a method? >>> The IESG has change control for the SSH key exchange method; the IESG does >>> not necessarily have change control for the underlying GSS-API mechanism. >> >> I'm confused. Your statement would imply that one of the following is false: >> >> 1. GSS-API is authoritatively defined by RFC 2743 >> 2. RFC 2743 is an IETF-stream document >> 3. The IESG is responsible for change control of IETF-stream documents >> >> Which of these have I misunderstood? > None of them :) > > "GSS-API mechanism" is a term of art for a cryptographic service provider, > identified by OID, that implements the underlyin functionality of the > GSS-API. While the GSS-API framework is defined by RFC 2743, anyone that > can allocate an OID can specify a GSS-API mechanism corresponding to that > OID, and the IETF cannot try to assert change control over that > cryptographic provider. > > Does that help? Oh! Yes, that's much clearer, thanks. I hear you saying that there's a one-to-one correspondence. I think replacing "underlying" with "corresponding" might avoid similar confusion by others. /a
- [Curdle] Alissa Cooper's Discuss on draft-ietf-cu… Alissa Cooper via Datatracker
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Benjamin Kaduk
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Alissa Cooper
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Benjamin Kaduk
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Simo Sorce
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Alissa Cooper
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Alissa Cooper
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Mirja Kuehlewind
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Adam Roach
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Benjamin Kaduk
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Adam Roach