Re: [Curdle] Alissa Cooper's Discuss on draft-ietf-curdle-gss-keyex-sha2-09: (with DISCUSS)
Benjamin Kaduk <kaduk@mit.edu> Tue, 25 June 2019 16:53 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3AAA120131; Tue, 25 Jun 2019 09:53:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P566sJm4Ju1E; Tue, 25 Jun 2019 09:53:41 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 678281208E5; Tue, 25 Jun 2019 09:53:22 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x5PGr9p3007125 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 25 Jun 2019 12:53:12 -0400
Date: Tue, 25 Jun 2019 11:53:09 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Adam Roach <adam@nostrum.com>
Cc: Alissa Cooper <alissa@cooperw.in>, draft-ietf-curdle-gss-keyex-sha2@ietf.org, daniel.migault@ericsson.com, curdle-chairs@ietf.org, curdle@ietf.org, The IESG <iesg@ietf.org>
Message-ID: <20190625165308.GT48838@kduck.mit.edu>
References: <156140748841.17734.7894701055354347252.idtracker@ietfa.amsl.com> <20190624201955.GD48838@kduck.mit.edu> <7c69e798-73ea-e054-7416-20bb7632eb29@nostrum.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <7c69e798-73ea-e054-7416-20bb7632eb29@nostrum.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/cXDxkWJS7xtChMT1G1y-xLxCtJk>
Subject: Re: [Curdle] Alissa Cooper's Discuss on draft-ietf-curdle-gss-keyex-sha2-09: (with DISCUSS)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jun 2019 16:53:44 -0000
On Tue, Jun 25, 2019 at 11:49:21AM -0500, Adam Roach wrote: > On 6/24/19 3:19 PM, Benjamin Kaduk wrote: > > On Mon, Jun 24, 2019 at 01:18:08PM -0700, Alissa Cooper via Datatracker wrote: > >> Alissa Cooper has entered the following ballot position for > >> draft-ietf-curdle-gss-keyex-sha2-09: Discuss > >> > >> When responding, please keep the subject line intact and reply to all > >> email addresses included in the To and CC lines. (Feel free to cut this > >> introductory paragraph, however.) > >> > >> > >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > >> for more information about IESG DISCUSS and COMMENT positions. > >> > >> > >> The document, along with other ballot positions, can be found here: > >> https://datatracker.ietf.org/doc/draft-ietf-curdle-gss-keyex-sha2/ > >> > >> > >> > >> ---------------------------------------------------------------------- > >> DISCUSS: > >> ---------------------------------------------------------------------- > >> > >> "The IESG is considered to be the owner of all these key exchange > >> methods; this does NOT imply that the IESG is considered to be the > >> owner of the underlying GSS-API mechanism." > >> > >> I don't understand this text. What does it mean for the IESG to be the owner of a method? > > The IESG has change control for the SSH key exchange method; the IESG does > > not necessarily have change control for the underlying GSS-API mechanism. > > > I'm confused. Your statement would imply that one of the following is false: > > 1. GSS-API is authoritatively defined by RFC 2743 > 2. RFC 2743 is an IETF-stream document > 3. The IESG is responsible for change control of IETF-stream documents > > Which of these have I misunderstood? None of them :) "GSS-API mechanism" is a term of art for a cryptographic service provider, identified by OID, that implements the underlyin functionality of the GSS-API. While the GSS-API framework is defined by RFC 2743, anyone that can allocate an OID can specify a GSS-API mechanism corresponding to that OID, and the IETF cannot try to assert change control over that cryptographic provider. Does that help? -Ben
- [Curdle] Alissa Cooper's Discuss on draft-ietf-cu… Alissa Cooper via Datatracker
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Benjamin Kaduk
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Alissa Cooper
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Benjamin Kaduk
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Simo Sorce
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Alissa Cooper
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Alissa Cooper
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Mirja Kuehlewind
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Adam Roach
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Benjamin Kaduk
- Re: [Curdle] Alissa Cooper's Discuss on draft-iet… Adam Roach