Re: [Curdle] Time to Review IANA SSH Registries Policies?

Sean Turner <sean@sn3rd.com> Wed, 03 February 2021 20:28 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1307C3A114C for <curdle@ietfa.amsl.com>; Wed, 3 Feb 2021 12:28:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NicddXny4iyI for <curdle@ietfa.amsl.com>; Wed, 3 Feb 2021 12:28:27 -0800 (PST)
Received: from mail-qv1-xf32.google.com (mail-qv1-xf32.google.com [IPv6:2607:f8b0:4864:20::f32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B7403A1145 for <curdle@ietf.org>; Wed, 3 Feb 2021 12:28:27 -0800 (PST)
Received: by mail-qv1-xf32.google.com with SMTP id a1so621389qvd.13 for <curdle@ietf.org>; Wed, 03 Feb 2021 12:28:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=bTkpDxUyf6XfPRwlRkBcZmbxa0SQcbuy1v7dCR7NVOU=; b=kxbPvUpJlx3E4bJEdlxUp83LORl7urLvmLhi6vejoHmi/LaMwWXgrrdVTI0CE5rEem kbxXqyhNwkxGT9PLkJg+1wYApG2OiUgBaq8T6nQG+m+uH3YStqEc+WiKpzyIDZt6Ie1H iJzSVrztZcPabEac9rkVG2WNxkzXtqHLQSTEs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=bTkpDxUyf6XfPRwlRkBcZmbxa0SQcbuy1v7dCR7NVOU=; b=LPNz3JegyZHp2Wndz4eACZggCOO0eU7l6yRrtzbSKmlclDs00XnurhQ/CkiBGLRoJn e8bMrOyaTcEAkzJ99TzhKTaD5Olqp5pkzglHVhuzbwVosZNW/xJAI7FnIbzSAbr06hkh PjnGHpLi+PLfsYfor8t9340bZH3rE9BYyRoSKcOETw6Ko4W9cd39C69Un+jOs6r8ApuO lA0xauCZcM2wPOZuQOU1xMYcerBXs6WaJZT9lfb3T6tiFXzL2hdVfa5u8jrc3mJbO2TT +Yy70LbPQ9SKuBohJLorHIFb52VpfAPD0ElrCWb7qrTLRteLIBDzJOVUX/vMKdSErO73 MNkw==
X-Gm-Message-State: AOAM530tR0XKxoHFGv5kWp01ABK1BjkmQA8mdJ1XHjc5HVNYnaeW2cYH r4N6Af5owmJribEVPIHd7bG4C2T0zVm2VKaC
X-Google-Smtp-Source: ABdhPJy7PU6Yqj2OSPjlERTXxaZLLGX4OKJJ07ZBLz66mqwmvxFNbBa5/z6wffB2uarKB/G82QIk7Q==
X-Received: by 2002:a0c:8f09:: with SMTP id z9mr4476020qvd.25.1612384106223; Wed, 03 Feb 2021 12:28:26 -0800 (PST)
Received: from [192.168.1.152] (pool-108-31-39-252.washdc.fios.verizon.net. [108.31.39.252]) by smtp.gmail.com with ESMTPSA id e185sm2590104qkb.127.2021.02.03.12.28.25 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 03 Feb 2021 12:28:25 -0800 (PST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <EDAB8D80-EA88-40CF-A015-8DF66A6A8DF2@akamai.com>
Date: Wed, 3 Feb 2021 15:28:24 -0500
Cc: Curdle List <curdle@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <2CF10E8F-E48B-4C77-B512-1C1FA8D830C7@sn3rd.com>
References: <A77E7858-C4ED-4DA0-8015-5E67EB921144@sn3rd.com> <02E82091-15F9-4C36-96AD-1F88CC2E5594@akamai.com> <367596AB-B583-4105-9099-9055A5E5526F@timeheart.net> <EDAB8D80-EA88-40CF-A015-8DF66A6A8DF2@akamai.com>
To: Ron Frederick <ronf@timeheart.net>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/nbOr2jQncnw5IId44MNZ04UPf3M>
Subject: Re: [Curdle] Time to Review IANA SSH Registries Policies?
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Feb 2021 20:28:29 -0000


> On Feb 3, 2021, at 15:11, Salz, Rich <rsalz@akamai.com> wrote:
> 
>>   I’m not currently familiar with the “expert review” process that’s in place for these other registries right now, but (also speaking as an individual) I’d be interested in learning more and would potentially be interested in participating in such a review depending on the time commitment involved.
> 
> See https://www.rfc-editor.org/rfc/rfc8126.html#page-20 for details.
> 
> The IESG appoints the experts, almost always based on the Area Director's recommendations.

We would set up a designated expert (DE) pool that includes a couple of people. There aren’t all that many requests, but it is good to have more than one person in the pool in case they get hit by a piece of space junk. The DEs are appointed by the IESG, and as Rich noted, are almost always based on AD recommendations. Typically, the AD asks the WG chairs because they have a sense of who has the expertise.

IANA has a registry tool that accepts requests (https://www.iana.org/form/protocol-assignment). To make sure we have oversight into what the DEs are doing that tool will shoot the request to a publicly available mailing list, e.g., ssh-de@iana.org. The experts can self-manage who reviews the request; sometimes there is an agreement to do round-robin but in my experience it is who gets to it first.

When we write up the I-D that would make this change we can also specify a review period after which the ADs just back in the mix; typically it’s two weeks from request. Likewise, we can also provide some guidance for the DEs and maybe a disclaimer that says the DEs are doing and to not infer anything beyond that. E.g., in TLS some people were touting that they had a registry entry as if it was some kind of endorsement from the WG, when in fact nothing was farther from the truth.

The DEs could also provide updates the chairs at every IETF meeting to highlight the assignments that were made since the last meeting.

spt