Re: [Curdle] Time to Review IANA SSH Registries Policies?

Sean Turner <sean@sn3rd.com> Thu, 04 February 2021 04:04 UTC

From: Sean Turner <sean@sn3rd.com>
Date: Wed, 3 Feb 2021 23:04:39 -0500
Cc: Curdle List <curdle@ietf.org>
To: SSH List <ietf-ssh@netbsd.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/JdSFqHBJ6dJ6P2NVFZkK-hjq8vo>

Apologies, I should have also sent this message to the SSH list.

Cheers,
spt

> On Feb 3, 2021, at 14:51, Sean Turner <sean@sn3rd.com> wrote:
> 
> Hi! The IANA registries for SSH were established long ago when the fashion was to require an RFC to set any value (see https://datatracker.ietf.org/doc/rfc8126/ for definitions of the various registry rules). IPsec, TLS, and others initially did the same thing, but have since backed down the high bar and gone to expert review for many if not all of their registries. Is there interest in reviewing the SSH registries to see if it makes sense to move them to expert review (or some other level)?
> 
> This would likely result in setting up a pool of experts and providing them with some instructions, but that’s been done before for other registries.
> 
> spt