Re: [Curdle] Time to Review IANA SSH Registries Policies?

"Mark D. Baushke" <mdb@juniper.net> Wed, 03 February 2021 20:26 UTC

To: Sean Turner <sean@sn3rd.com>
CC: Curdle List <curdle@ietf.org>
Comments: In-reply-to: Sean Turner <sean@sn3rd.com> message dated "Wed, 03 Feb 2021 14:51:28 -0500."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Wed, 3 Feb 2021 12:28:20 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/LhD1O6iQkv3DJUHWeKemjVa6paY>

Sean Turner <sean@sn3rd.com> writes:

> Hi! The IANA registries for SSH were established long ago when the
> fashion was to require an RFC to set any value (see
> https://datatracker.ietf.org/doc/rfc8126/ for definitions of the
> various registry rules). IPsec, TLS, and others initially did the same
> thing, but have since backed down the high bar and gone to expert
> review for many if not all of their registries. Is there interest in
> reviewing the SSH registries to see if it makes sense to move them to
> expert review (or some other level)?

I suppose Expert Review is a possibility. I am not entirely sure how the
current Area Directors will select the pool names of experts to provide
to the IESG. The SSH working group mailing list is still running, but
that group was disbanded long ago and CURdle is in the process of
wrapping up right now.

> This would likely result in setting up a pool of experts and providing
> them with some instructions, but that’s been done before for other
> registries.

True, but I am under the impression that the pool of experts was being
drawn from highly active groups.

I agree that an update to

  https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml

may be useful. Possibly to even include commonly used private extensions
for some of the options.

	-- Mark