Re: [Curdle] Genart last call review of draft-ietf-curdle-ssh-ext-info-10
"Matthew A. Miller" <linuxwolf+ietf@outer-planes.net> Fri, 28 July 2017 16:05 UTC
Return-Path: <linuxwolf+ietf@outer-planes.net>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A24F2131CE7 for <curdle@ietfa.amsl.com>; Fri, 28 Jul 2017 09:05:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=outer-planes-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sLHyK7kuy9YN for <curdle@ietfa.amsl.com>; Fri, 28 Jul 2017 09:05:09 -0700 (PDT)
Received: from mail-yw0-x234.google.com (mail-yw0-x234.google.com [IPv6:2607:f8b0:4002:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDCA4131FE4 for <curdle@ietf.org>; Fri, 28 Jul 2017 09:05:08 -0700 (PDT)
Received: by mail-yw0-x234.google.com with SMTP id u207so64838346ywc.3 for <curdle@ietf.org>; Fri, 28 Jul 2017 09:05:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outer-planes-net.20150623.gappssmtp.com; s=20150623; h=sender:subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to; bh=/XT1NiuGZE2tfih6Fzg8BsQWYlWwA+rjHRnSy5L+KmY=; b=t3goYSFtkeGOfTnKr+lXWVjZM00ph+Pbr8eR96u4Xf7M+HpNC0clGnZzCuVah/2tPO bjkcWsGnlDczun4J4OoRTZx2dslWltJVa6zcHIauuv6sUIBPCHp30G8GkPkPl7vP56Bm uVOOBnsDv7qTeX9u7xXWf4kTh4apu0nPeM80rrsZHnNtqEydtdYHc1FSuJ8niEZeEacO A/6wlrysr0zDMpmUngweBmqlwTg8zKak56LAsW6GRbbIexihg5CGKEvhLKcqihZm5JbM 0Joy8CCBsNlFPttmVuIwKCcA0A26Wm+UnONOZeQNzSczQFEyucbHdo00p05pbAgT9cbQ xH7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:subject:to:cc:references:from:message-id :date:user-agent:mime-version:in-reply-to; bh=/XT1NiuGZE2tfih6Fzg8BsQWYlWwA+rjHRnSy5L+KmY=; b=d6B2TucYu5Gr0U62lbS7B/7kT7ja6qRc3XVyHHRItU6qPNmW79LDYHWcEqIAHyFvbd uO1uNOq9YCWZxTwV4p6kum6Wgd2lpnZdqJGvvSBNJRwkzZL+ZIgHau7UAYLXeIRlLFZS vQu99vhLAXcqWmyTyfN+HqQqr5RoBoJ0+9d5cVrJoY0Wuya70Tfhwodrvpf7hZb9SVw+ Yy1Qsv9LrYMvmpStPMXN2qzkoyeUNZf1uorPRYS7pJB0zsmctBzY/4nG2Bb7A36YHBhc wwRbcJn/duc4UOUuUWuEFK1LdPxIYEQSRYfJJ4iuXawrWLsZMgYmr3USVZFZI6R1fznq HyrQ==
X-Gm-Message-State: AIVw113CBrQq3/UigGLQsaqBCn1hJybNDgsw5tJHxfPETN5aK2B/Zs6g A6DG+a5z7ys6DHSu
X-Received: by 10.129.108.17 with SMTP id h17mr7040897ywc.447.1501257907696; Fri, 28 Jul 2017 09:05:07 -0700 (PDT)
Received: from [10.6.23.170] ([128.177.113.102]) by smtp.gmail.com with ESMTPSA id u196sm3337355ywf.64.2017.07.28.09.05.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 28 Jul 2017 09:05:07 -0700 (PDT)
Sender: Matthew Miller <linuxwolf@outer-planes.net>
To: denis bider <denisbider.ietf@gmail.com>
Cc: gen-art@ietf.org, curdle <curdle@ietf.org>, ietf@ietf.org, draft-ietf-curdle-ssh-ext-info.all@ietf.org
References: <150093015937.32021.12465797358778837950@ietfa.amsl.com> <CADPMZDCE+m+_QA7s6vdFOw-7uF4cfV4g8_U07fb-Ydur30OR5g@mail.gmail.com> <1eef6165-9b5b-c354-dffe-5df1e98098fa@outer-planes.net> <CADPMZDDjQoHc9yoYb7sSTa2r7e71DSMdqQ7OEH7neWU0ygKzNw@mail.gmail.com> <CADPMZDC7=BzfohUCmYbQR8LzqY8GauDeGrtJOo97M00attP8Ag@mail.gmail.com>
From: "Matthew A. Miller" <linuxwolf+ietf@outer-planes.net>
Message-ID: <0406a3c8-0400-b0b5-2b09-93bb5078cb0a@outer-planes.net>
Date: Fri, 28 Jul 2017 10:05:04 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:55.0) Gecko/20100101 Thunderbird/55.0
MIME-Version: 1.0
In-Reply-To: <CADPMZDC7=BzfohUCmYbQR8LzqY8GauDeGrtJOo97M00attP8Ag@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="aJCcI3oc7MIhLwqvcFkJjimEiMODAcsw1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/c8XdpfdRvkRzj8dqRKqJJJRxFcs>
Subject: Re: [Curdle] Genart last call review of draft-ietf-curdle-ssh-ext-info-10
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jul 2017 16:05:12 -0000
Hello Denis, I had other things I needed to attend to, and could not respond until now. I think this new text is much improved, thank you. I find the guidance for an extension's specification to be more vague than I like, but I'm maybe that's effectively addressed with the IANA extension table's registration requirements. Thanks again, - m&m Matthew A. Miller On 17/07/28 00:52, denis bider wrote: > OK, I have uploaded version -11 with language as follows: > > "An extension MAY dictate, where it is specified, that in order to take > effect, both parties must include it in their EXT_INFO; or it MAY be > sufficient that only one party includes it; or other rules MAY be > specified. The relative order in which extensions appear in an EXT_INFO > message MUST be ignored by default; but an extension MAY specify that > the order matters for that extension, in a specific way." > > This seems clearer to me than it was in -10. If you still see room for > improvement, let me know! > > > On Wed, Jul 26, 2017 at 9:09 PM, denis bider <denisbider.ietf@gmail.com > <mailto:denisbider.ietf@gmail.com>> wrote: > > Hello Matthew, > > I'm not sure if I know how to address this better than with the > language so far proposed. > > Perhaps one choice would be to simply remove this paragraph. > However, the reason it was added was because an earlier reviewer > (I'm not sure of the details at this time) raised the question about > whether extension negotiation works like it does for algorithm > lists, such as in e.g. SSH_MSG_KEXINIT. In that case, multiple > algorithms are enumerated by both sides, and only one is chosen that > (1) is enumerated by both sides, and (2) is the first of those to be > enumerated by the client. The main purpose of this paragraph has > been to clarify that extension negotiation does not work that way in > EXT_INFO. > > What language would you propose? Is there some simple language that > would do? How about this? > > "An extension may dictate, where it is specified, that in order to > take effect, both parties must include it in its EXT_INFO; or it may > be sufficient that only one party does; or more complex rules may be > specified." > > > On Wed, Jul 26, 2017 at 1:28 PM, Matthew A. Miller > <linuxwolf+ietf@outer-planes.net > <mailto:linuxwolf+ietf@outer-planes.net>> wrote: > > Thanks very much for the response, Denis. > > I think I understand the intent here, but I'm not sure this new > text is > enough to mitigate some future conflict. I'm also concerned that it > completely ignores the one-party extensions (e.g., an extension > included > in the EXT_INFO by only the client or the server, but not both), and > what the impact is holistically. Looking at the one-party > extensions > defined herein, I can't see how their order matters; but does > that mean > the order will never matter? > > In writing this reply, I wondered if it's better for the order > to always > be irrelevant; an implementation might be allowed to hint its > preferred > order in the EXT_INFO, but implementations are still free to do > whatever > makes sense to them within the bounds of the relevant extension > definitions. If an extension ought to take precedence over another, > make it clear in its specification that it SHOULD (or MUST) be dealt > with before (or after) others. > > Does that make sense? > > > - m&m > > Matthew A. Miller > > On 17/07/25 16:24, denis bider wrote: > > Good catch. I believe this refers to the following paragraph: > > > > "If an extension requires both the client and the server to > include it > > in order for the extension to take effect, the relative > position of the > > extension-name in each EXT_INFO message is irrelevant." > > > > I have drafted the following new wording: > > > > "Unless a particular extension's specification indicates > differently; > > then, if an extension requires both the client and the server > to include > > it in order for the extension to take effect; implementers > MUST use a > > default assumption that the relative position of the > extension-name in > > each EXT_INFO message is irrelevant with respect to whether the > > extension takes effect." > > > > The purpose of this wording is to: > > > > - Provide a sensible default, which is that in the absence of > specific > > knowledge, order of extension names does not matter. > > > > - Allow for deviations in special cases where there is > specific knowledge. > > > > For example, extension "foo-linux" could be specified, but > after some > > years of use, it's observed that it works well for its main > purpose, but > > is not ideal for a server on Windows. Therefore, extension > "foo-windows" > > is specified, which works well when the server is Windows, but > not as > > well when it's Linux. > > > > In this case, an implementation that supports "foo-linux" only > would be > > ignorant of anything else, and would use the default rule > (order of > > extension names does not matter). However, an implementation that > > supports "foo-windows" could implement only that, or both > "foo-linux" > > and "foo-windows". The specification for "foo-windows" could > indicate > > that when both are supported, the first one listed by the > server (or in > > other cases, by the client) is used. > > > > Allowing for such an extension-defined special case would > allow a Linux > > server to advertise extensions [... "foo-linux", ..., > "foo-windows", > > ...], preferring "foo-linux", but supporting the less appropriate > > "foo-windows" mechanism as well. Whereas, a Windows server could > > advertise [... "foo-windows", ..., "foo-linux", ...], preferring > > "foo-windows", but supporting the less appropriate "foo-linux" > mechanism > > as well. > > > > Does this work? > > > > If there are no objections, I'll upload a -11 draft version > with this > > new wording. > > > > > > > > On Mon, Jul 24, 2017 at 3:02 PM, Matthew Miller > > <linuxwolf+ietf@outer-planes.net > <mailto:linuxwolf%2Bietf@outer-planes.net> > > <mailto:linuxwolf+ietf@outer-planes.net > <mailto:linuxwolf%2Bietf@outer-planes.net>>> wrote: > > > > Reviewer: Matthew Miller > > Review result: Ready with Issues > > > > I am the assigned Gen-ART reviewer for this draft. The > General Area > > Review Team (Gen-ART) reviews all IETF documents being > processed > > by the IESG for the IETF Chair. Please treat these > comments just > > like any other last call comments. > > > > For more information, please see the FAQ at > > > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq> > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>>>. > > > > Document: draft-ietf-curdle-ssh-ext-info-10 > > Reviewer: Matthew Miller > > Review Date: 2017-07-24 > > IETF LC End Date: 2017-07-30 > > IESG Telechat date: N/A > > > > Summary: > > > > This document is ready with an issue. > > > > I found this document very coherent and easy to follow. > > > > Major issues: > > > > Minor issues: > > > > My only issue borders on nit, but sided with nit as I can > see it > > potentially causing confusion for an implementer in the > future. > > > > Section 2.5. "Interpretation of Extension Names and > Values" explicitly > > states in the second paragraph a condition where the > relative order of > > extension-names in an EXT_INFO message is irrelevant. > However, the rest > > of the section seems to imply to me that relative order is not > > important; > > so to explicitly call out a scenario seems to imply that > relative order > > *is* relevant/important, sometimes. If relative order is > expected to be > > important most of the time, I think it helpful to > explicitly state that > > and give a rationale for it. > > > > Nits/editorial comments: > > > > * RFC 5226 is referenced by this document, but is > obsoleted by RFC 8126. > > > > > > _______________________________________________ > > Curdle mailing list > > Curdle@ietf.org <mailto:Curdle@ietf.org> > <mailto:Curdle@ietf.org <mailto:Curdle@ietf.org>> > > https://www.ietf.org/mailman/listinfo/curdle > <https://www.ietf.org/mailman/listinfo/curdle> > > <https://www.ietf.org/mailman/listinfo/curdle > <https://www.ietf.org/mailman/listinfo/curdle>> > > > > > > >
- [Curdle] Genart last call review of draft-ietf-cu… Matthew Miller
- Re: [Curdle] Genart last call review of draft-iet… denis bider
- Re: [Curdle] Genart last call review of draft-iet… Matthew A. Miller
- Re: [Curdle] Genart last call review of draft-iet… denis bider
- Re: [Curdle] Genart last call review of draft-iet… denis bider
- Re: [Curdle] Genart last call review of draft-iet… Matthew A. Miller