Re: [Curdle] Time to Review IANA SSH Registries Policies?

denis bider <> Tue, 09 February 2021 03:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E45B53A185C for <>; Mon, 8 Feb 2021 19:21:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id U5F0uhvxGQrq for <>; Mon, 8 Feb 2021 19:21:48 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9BF003A185B for <>; Mon, 8 Feb 2021 19:21:48 -0800 (PST)
Received: by with SMTP id 18so6879964oiz.7 for <>; Mon, 08 Feb 2021 19:21:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UMQUEJXyH+DqfkLNY+XmlDtebnmB9bteqyovPjutvO8=; b=aejxcFuyCYrUrdr6P1TrjbAm/bcK1Z6+OvetGRZDRb2VYv4quC1PJ1Dy/SIxomdhyD wG7JOrLNQW1nWO4wpBD641RO9Wf9J4JlJ/MIGNri9k4LtraDGOBYc6aVrwe4JVLMTRXT y35PXktzAaSAgVRVtSwm+HyV4F8bxs0J8lBlaN6s0AyiA77WTxdO9pUrJ1BC2jslcjHs jDaByZ97SAYgYqrdjNFd8hdPCLook7+UkT+wU/PC1L3wV9J48PQlFB/dsMAAvuAmFyl/ qRg4oD7j4eqkBA6N68/JMj/eCQO6tGsSeAgRW3kr1YLHxrod10fcX+q3LfS/m3KqoCLk o09w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UMQUEJXyH+DqfkLNY+XmlDtebnmB9bteqyovPjutvO8=; b=HL48W//IpJwruC5CVEYsqaS2PBPCjB/5LXTVxlZ3E+dWeplZJ4qqAjv1ipvvhIqr/k DQFIZJAmqbJCLHS8KSg2++lswxCFW7lcA/dbO3ntcER5tcC9/mkL41epJUTPSUc6tZXE KANSYgJWyz3BrzihhCmjcIkI0G7robqROFGYiTyAhGwVbQBxhyB3EiiHvzEhGAThOWtL UKoQRr+kxJnU8NS6JoqpwGBlhxF9w8gNRxwVvUUS9OefCdKBMtkqw3lOGm6ZfXkJXl6A AJYbT6qlu2bSpMijHeubBrCDhw/htrv4yse7M8G2u1tlApWsadH+fNP90k/1oinvjIYU I0Uw==
X-Gm-Message-State: AOAM533BwPpUKuKAVA5bicbo1jgVbbLBRVm/fU5fmLr/stBt0qRdIdv/ cpVAv/QQPrgosGfipsXO92E3aTnS1/8yvsWtVAg=
X-Google-Smtp-Source: ABdhPJzK1Q8swL5mk5GS5MB708phu3RfH4TXGy6cBvvmfSsRim3/3xHtxyp8Dm9iUI2dVAVOMgPUENwBFdIex++2qj4=
X-Received: by 2002:aca:5483:: with SMTP id i125mr1233953oib.61.1612840907752; Mon, 08 Feb 2021 19:21:47 -0800 (PST)
MIME-Version: 1.0
References: <> <> <> <> <> <> <>
In-Reply-To: <>
From: denis bider <>
Date: Mon, 8 Feb 2021 21:21:36 -0600
Message-ID: <>
To: Phillip Hallam-Baker <>
Cc: Curdle List <>
Content-Type: multipart/alternative; boundary="00000000000062cb5b05badec900"
Archived-At: <>
Subject: Re: [Curdle] Time to Review IANA SSH Registries Policies?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 09 Feb 2021 03:21:51 -0000

Off topic now, so just a short reply:

> It took 200 years to invent science and start to differentiate actual
knowledge from the nonsense.

The success of science so far to actually do that is greatly overestimated.
This is especially true for biology, psychology and medicine, and this
popular overestimate is extremely dangerous. It is now leading to tyranny
of wrong science.

> When are we going to do that for the Web?

Hopefully never, because everything "reputable" right now is MALICIOUSLY
wrong. One must consult "conspiracy theorists" to find kernels of truth,
since it is being wiped from everywhere else.

On Mon, Feb 8, 2021 at 11:03 AM Phillip Hallam-Baker <>

> I don't think it is malice. I think it is more a reluctance to take
> actions that may have unknown consequences.
> And of course, anyone paying attention to what the Internet was designed
> to do from the very start should realize that the consequences we worry
> about at the protocol level are ridiculously trivial compared to the social
> impact.
> The Arab Spring was not an unforeseen consequence, or at least not in
> form. I was talking to people setting up Web servers in Sarajevo during the
> siege back in 1993.
> Of course every major advance in human history has come in the wake of a
> major change in communications technology: Guttenberg, paper from wood
> pulp, telegraph, telephone, radio, television. But take a deeper look at
> what happened and it might surprise you.
> Guttenberg's press allowed information to flow freely, Aldud Maneutius
> invented the codex book that would fit in a saddlebag. And now Thomas Moore
> could read every book just like I once read every page on the Web. And
> the man who knew everything still knew nothing because the vast majority of
> the content of every book in print was nonsense.
> It took 200 years to invent science and start to differentiate actual
> knowledge from the nonsense. When are we going to do that for the Web?
> Worrying that it might be premature to allocate a .Well-known port...
> seems kinda trivial.
> On Mon, Feb 8, 2021 at 11:47 AM denis bider <>
> wrote:
>> :D
>> Well argued.
>> The thing with a person or group getting out of the way is that this
>> vacates the opportunity for being in the way. The opportunity continues to
>> exist and becomes open to the next person.
>> This is generally the problem with power. Things work better with
>> coordination. We're therefore willing to pay a substantial cost to
>> coordinate. The role of the coordinator is a form of power. This power
>> works best if the coordinator coordinates, and otherwise gets out of the
>> way. But to use power in restrained ways is to serve, and to serve is a
>> burden. Therefore, the people who apply for such positions are (1)
>> reluctant volunteers who would serve, and (2) folks who see it as an
>> opportunity to "lead" and "govern".
>> Reluctant volunteers will gladly step away in favor of those who have
>> more enthusiasm, and those who have more enthusiasm are the ones who would
>> "lead" and "govern". And that's how we simultaneously want and need
>> coordination, but somehow it always devolves into some kind of tyranny.
>> Speaking very generally, the IETF is just a microcosm and a special case.
>> On Sun, Feb 7, 2021 at 9:41 PM Phillip Hallam-Baker <
>>> wrote:
>>> +1
>>> Registration processes can very easily turn into ring kissing
>>> requirements. And especially so when the authority is a voluntary
>>> organization.
>>> Lots of people get really, really excited at the idea that they are
>>> adding value by preventing work that might lead to vague, consequences that
>>> they can't quite put their finger on.
>>> And then when people go through the process and end up waiting six
>>> months for those people to make up their minds, well we are a
>>> voluntary organization so people should thank us for the very important
>>> work we do.
>>> I have a rather different view. I think that when someone puts
>>> themselves in the way of someone else's critical path, they are making a
>>> commitment to deal with the issue expeditiously and if that isn't possible,
>>> the answer is to not make things critical path.
>>> Given the number of times we have people pointing out the IESG are
>>> overworked, we should look to get out of the way as much as possible, not
>>> stand athwart the tides of history yelling stop.
>>> On Thu, Feb 4, 2021 at 6:44 PM Peter Gutmann <>
>>> wrote:
>>>> Phillip Hallam-Baker <> writes:
>>>> >Restrictive registration requirements contradict the principle of
>>>> >'permissionless innovation'. If the IETF is the place you go to get
>>>> >permission to innovate, we are doing it wrong.
>>>> +1.  To give a real-world experience of "expert review", when I tried
>>>> to go
>>>> through the process on $unnamed-wg there was an experts group that you
>>>> couldn't contact who had a non-public mailing list where decisions were
>>>> made
>>>> in secret, but that didn't matter since there was no way to contact
>>>> them.
>>>> Eventually it got sorted out by one or two people involved in the
>>>> process
>>>> going out of their way to help, but when done as it should have been the
>>>> process was more reminiscent of Kafka than the IETF.
>>>> Peter.
>>>> _______________________________________________
>>> Curdle mailing list