IETF Logo Mail Archive

Re: [saag] SSH & Ntruprime

Carsten Bormann <cabo@tzi.org> Tue, 26 March 2024 09:37 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76938C151551 for <ietf@ietfa.amsl.com>; Tue, 26 Mar 2024 02:37:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.207
X-Spam-Level:
X-Spam-Status: No, score=-4.207 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fAoY6MEiSpRs for <ietf@ietfa.amsl.com>; Tue, 26 Mar 2024 02:37:44 -0700 (PDT)
Received: from smtp.zfn.uni-bremen.de (smtp.zfn.uni-bremen.de [134.102.50.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8B98C15154E for <ietf@ietf.org>; Tue, 26 Mar 2024 02:37:42 -0700 (PDT)
Received: from smtpclient.apple (unknown [118.200.2.47]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4V3l8L6YGLzDCgd; Tue, 26 Mar 2024 10:37:38 +0100 (CET)
Content-Type: multipart/alternative; boundary="Apple-Mail-10396CF2-281F-4D5A-92FA-51CB8DD997B7"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
Subject: Re: [saag] SSH & Ntruprime
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <c140a11a-7930-471a-a3bc-5d4362e5889a@alumni.stanford.edu>
Date: Tue, 26 Mar 2024 17:37:23 +0800
Cc: ietf@ietf.org
Message-Id: <4140C376-C5C2-4CA6-B436-BAE7418CD043@tzi.org>
References: <c140a11a-7930-471a-a3bc-5d4362e5889a@alumni.stanford.edu>
To: Randy Presuhn <randy_presuhn@alumni.stanford.edu>
X-Mailer: iPhone Mail (21E219)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/EALdy5RdJZW73ed0dzjQbz5AACI>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IETF-Discussion. This is the most general IETF mailing list, intended for discussion of technical, procedural, operational, and other topics for which no dedicated mailing lists exist." <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2024 09:37:48 -0000

Folks , Randy is right.  

If this discussion is intended to spark a rule change, please keep in mind that these rules weren’t made for the security area, but for the whole of IANA. Please don’t damage the parts you don’t know about. 

Sent from mobile, sorry for terse

> On 26. Mar 2024, at 04:20, Randy Presuhn <randy_presuhn@alumni.stanford.edu> wrote:
> 
> Hi -
> 
>> On 2024-03-25 12:50 PM, S Moonesamy wrote:
>> Hi Mike,
>> At 11:49 AM 25-03-2024, Michael StJohns wrote:
>>> Context for the IETF list.  A set of IANA notes were included in RFC8447 that allowed IDs to be considered as satisfying "Specification Required" for the purpose of issuing code points in IANA registries.  The IANA requires stable references for a Specification Required.  However, to quote from the ID boilerplate,  "It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
>>> 
>>> These two seem to be in conflict.
>> The "Specification Required" policy is defined in "Guidelines for Writing an IANA Considerations Section in RFCs" (BCP 26) as a formal public specification.  The BCP also contains some information about the intent behind the policy.  I'll quote some text from the BCP as it may easier for the occassional reader:
>>   "Publication of an RFC is an ideal means of achieving this
>>    requirement, but Specification Required is intended to also
>>    cover the case of a document published outside of the RFC path,
>>    including informal documentation."
>> There is also another policy which states "RFC Required" which is a bar higher in comparison with "Specification Required".
>> The "IANA Registry Updates for TLS and DTLS" (RFC 8447) is on the Standards Track.  The RFC is about instructions for the designed experts and IANA.  Section 12, for example, states that "It is sufficient to have an Internet-Draft (that is posted and never published as an RFC) or a document from another standards body, industry consortium, university site, etc."
>> There is a conflict between BCP 26 and RFC 8447.
> ...
> 
> What is the conflict you see?  The text you cited seems to me to present
> no conflict.  A posted Internet-Draft certainly seems to fit within
> the realm of "a document published outside of the RFC path, including
> informal documentation."
> 
> Randy
>

v2.23.0 | Report a Bug | By Email