Re: [Curdle] Time to Review IANA SSH Registries Policies?

"Mark D. Baushke" <mdb@juniper.net> Fri, 05 February 2021 03:50 UTC

To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
CC: Tero Kivinen <kivinen@iki.fi>, "Jeffrey T. Hutzelman" <jhutz@cmu.edu>, Curdle List <curdle@ietf.org>, SSH List <ietf-ssh@netbsd.org>, Sean Turner <sean@sn3rd.com>
In-Reply-To: <A2ED4CCD-9890-4841-A677-0B53EEB32416@akamai.com>
References: <7B98A823-604D-4612-997C-2DC35632901B@sn3rd.com> <f1f5c690-f37f-4eca-8834-50b5f44591a7@cmu.edu> <24604.32772.431274.534490@fireball.acr.fi> <A2ED4CCD-9890-4841-A677-0B53EEB32416@akamai.com>
Comments: In-reply-to: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org> message dated "Fri, 05 Feb 2021 02:23:08 +0000."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Thu, 04 Feb 2021 19:52:47 -0800
Message-ID: <44844.1612497167@eng-mail03>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/vLolqSvrCC7qFEbf3Zs85q_-LgA>
Subject: Re: [Curdle] Time to Review IANA SSH Registries Policies?

Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> writes:

>     > identifiers without going through the registry (specifically,
>     > identifiers of the form name@domain are permitted, as assigned
>     > by the owner of that domain).
> 
> It is possible to mark user@dom.ain as private/experimental and not
> require review. The only issue would be if such identifiers are needed
> for interop and the table has to be in IANA. Is that the case?

Names with @dom.ain are explicitly NOT to be in IANA per
RFC 4250 section 4.6.1

...elided...
| 4.6.1.  Conventions for Names
| 
|    All names registered by the IANA in the following sections MUST be
|    printable US-ASCII strings, and MUST NOT contain the characters at-
|    sign ("@"), comma (","), whitespace, control characters (ASCII codes
|    32 or less), or the ASCII code 127 (DEL).  Names are case-sensitive,
|    and MUST NOT be longer than 64 characters.
| 
|    A provision is made here for locally extensible names.  The IANA will
|    not register, and will not control, names with the at-sign in them.
| 
|    Names with the at-sign in them will have the format of
|    "name@domainname" (without the double quotes) where the part
|    preceding the at-sign is the name.  The format of the part preceding
|    the at-sign is not specified; however, these names MUST be printable
|    US-ASCII strings, and MUST NOT contain the comma character (","),
|    whitespace, control characters (ASCII codes 32 or less), or the ASCII
|    code 127 (DEL).  They MUST have only a single at-sign in them.  The
|    part following the at-sign MUST be a valid, fully qualified internet
|    domain name [RFC1034] controlled by the person or organization
|    defining the name.  Names are case-sensitive, and MUST NOT be longer
|    than 64 characters.  It is up to each domain how it manages its local
|    namespace.  It has been noted that these names resemble STD 11
|    [RFC0822] email addresses.  This is purely coincidental and has
|    nothing to do with STD 11 [RFC0822].  An example of a locally defined
|    name is "ourcipher-cbc@example.com" (without the double quotes).
...elided...

Please note that foo@example.com is a different extension than
foo@Example.COM due to the case-sensitive nature of the name.
(Yes, it is confusing.)

	Be safe, stay healthy,
	-- Mark
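
The naming rules quoted above from RFC 4250 section 4.6.1, as an added example that is not part of the original message: a validator that sorts names into IANA-registrable, locally defined (name@domainname) or invalid, plus a check for names that differ only by case. The function names, the syntactic domain check and the rejection of an empty part before the at-sign are assumptions of this example; the sample names in the comments and tests are constructed.

```python
import re
from collections import defaultdict

MAX_LEN = 64  # RFC 4250 4.6.1: names MUST NOT be longer than 64 characters

# Assumption: a syntactic stand-in for "valid, fully qualified internet domain
# name": two or more letter/digit/hyphen labels of 1-63 characters. Whether the
# party defining the name controls the domain cannot be checked from the string.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")


def classify_name(name: str) -> str:
    """Return 'iana', 'local' or 'invalid' for an SSH protocol name."""
    if not name or len(name) > MAX_LEN:
        return "invalid"
    # Printable US-ASCII only: codes 33..126, which excludes whitespace,
    # control characters and DEL (127). The comma is also forbidden.
    if any(not (33 <= ord(c) <= 126) or c == "," for c in name):
        return "invalid"
    at_signs = name.count("@")
    if at_signs == 0:
        return "iana"      # eligible for an IANA registry, e.g. "aes128-ctr"
    if at_signs != 1:
        return "invalid"   # local names MUST have only a single at-sign
    local_part, domain = name.split("@")
    # Assumption: an empty part before the at-sign is rejected.
    if not local_part or not _FQDN.fullmatch(domain):
        return "invalid"
    return "local"         # e.g. "ourcipher-cbc@example.com"


def case_collisions(names):
    """Group distinct valid names that are equal once case is folded.

    Names are case-sensitive, so every member of a group is a different
    name on the wire; such groups are worth flagging in a configuration
    or allow-list review.
    """
    groups = defaultdict(set)
    for n in names:
        if classify_name(n) != "invalid":
            groups[n.lower()].add(n)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

Comparing names with plain string equality, never a case-insensitive match, keeps an allow-list consistent with the case-sensitivity rule.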