Re: [Curdle] Time to Review IANA SSH Registries Policies?

"Jeffrey T. Hutzelman" <> Thu, 04 February 2021 22:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3802D3A189D for <>; Thu, 4 Feb 2021 14:12:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id DC6I8tJ7A0Jr for <>; Thu, 4 Feb 2021 14:12:42 -0800 (PST)
Received: from (RELAY-EXCH-04.ANDREW.CMU.EDU []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 759F93A18B1 for <>; Thu, 4 Feb 2021 14:12:41 -0800 (PST)
Received: from (DCNS-MSGP-04.ANDREW.AD.CMU.EDU []) by (8.15.2/8.15.2) with ESMTPS id 114MCeH4020367 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 4 Feb 2021 17:12:40 -0500
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Thu, 4 Feb 2021 17:12:40 -0500
Received: from ([]) by ([]) with mapi id 15.01.2176.002; Thu, 4 Feb 2021 17:12:40 -0500
From: "Jeffrey T. Hutzelman" <>
To: Sean Turner <>, SSH List <>
CC: Curdle List <>
Thread-Topic: Time to Review IANA SSH Registries Policies?
Thread-Index: AQHW+rm7Ay67wAe4RU+dnQKQj9COJqpH4+iA
Date: Thu, 4 Feb 2021 22:12:40 +0000
Message-ID: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_f1f5c690f37f4eca883450b5f44591a7cmuedu_"
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.78 on
Archived-At: <>
Subject: Re: [Curdle] Time to Review IANA SSH Registries Policies?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 04 Feb 2021 22:12:45 -0000

I'm not specifically opposed to this, but many of ssh's registries are for string identifiers (e.g. algorithm names) where there is a straightforward mechanism for individual implementors to define unique, interoperable identifiers without going through the registry (specifically, identifiers of the form name@domain are permitted, as assigned by the owner of that domain).

Certain values, such as message numbers, are small, and thus scarce. The current policy for these is Standards Action, which IMHO is appropriate giving the size of the available namespace as well as the core protocol functions they serve. For the most part, it is intended that new values for these codes would be allocated only as part of a revision of the base protocol suite, rather than in an extension.

That said, there are some other attributes (particularly, disconnect reasons, channel open failure reasons, and extended channel data types) for which significant namespace is managed under the IETF Review policy, with a small portion set aside for private use. It does seem like it would be reasonable to update these to use Expert Review instead. The ultimate question, then, is whether it is worth the (admittedly small) effort.

-- Jeff

From: Sean Turner <>
Sent: Thursday, February 4, 2021 00:51
To: SSH List
Cc: Curdle List
Subject: Re: Time to Review IANA SSH Registries Policies?

Apologies I should have also sent this message to the SSH list.


> On Feb 3, 2021, at 14:51, Sean Turner <> wrote:
> Hi! The IANA registries for SSH were established long ago when the fashion was to require an RFC to set any value (see for definitions of the various registry rules). IPsec, TLS, and others initially did the same thing, but have since backed down the high bar and gone to expert review for many if not all of their registries. Is there interest in reviewing the SSH registries to see if it makes sense to move them to expert review (or some other level)?
> This would likely result in setting up a pool of experts and providing them with some instructions, but that’s been done before for other registries.
> spt