Re: [kitten] Register too long SASL mechs?
Robbie Harwood <rharwood@redhat.com> Wed, 26 May 2021 18:21 UTC
Return-Path: <rharwood@redhat.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 12E073A0D29
for <kitten@ietfa.amsl.com>; Wed, 26 May 2021 11:21:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.795
X-Spam-Level:
X-Spam-Status: No, score=-2.795 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.698, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id gLh_zHHp079z for <kitten@ietfa.amsl.com>;
Wed, 26 May 2021 11:21:12 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com
(us-smtp-delivery-124.mimecast.com [216.205.24.124])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id C43493A0CCE
for <kitten@ietf.org>; Wed, 26 May 2021 11:21:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1622053270;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
in-reply-to:in-reply-to:references:references;
bh=g5compOiNcpJ1QQcugn1gC+D2xgbyj67rqMIRgtENgM=;
b=OYpT0zG2H6JzwixgL7ZZnDqjzKrs7b5foI2/Nm5lgQwMo8Fa4Gyx9JOUoRgZDUFlZoNbsS
4SJzdAD0qgyrwuTZUSA2ckJa+U9s5BB2CtfQ13IeU3Xr22yyjx+mxp1gBwUB3uNFjUCZeD
A02pdQBlDdJ39ZUNVx+n/KdRNZFb9qQ=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
[209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
us-mta-511-B12DzDybOEOPeE8Yb8aeUA-1; Wed, 26 May 2021 14:21:07 -0400
X-MC-Unique: B12DzDybOEOPeE8Yb8aeUA-1
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
[10.5.11.12])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D507C801B12;
Wed, 26 May 2021 18:21:06 +0000 (UTC)
Received: from localhost (unknown [10.10.110.54])
by smtp.corp.redhat.com (Postfix) with ESMTP id 5380D70584;
Wed, 26 May 2021 18:21:03 +0000 (UTC)
From: Robbie Harwood <rharwood@redhat.com>
To: Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>, Simo Sorce
<simo@redhat.com>
Cc: kitten@ietf.org, Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>
In-Reply-To: <875yz5a065.fsf@latte.josefsson.org>
References: <87im35a9mi.fsf@latte.josefsson.org>
<8b6082df6e3fc913a0ea1cc3ae31350cc81b8738.camel@redhat.com>
<875yz5a065.fsf@latte.josefsson.org>
Date: Wed, 26 May 2021 14:21:00 -0400
Message-ID: <jlgbl8xnypf.fsf@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Authentication-Results: relay.mimecast.com;
auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=rharwood@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/3ZkOXNciLJqYp3SO9BOhna9UqsE>
Subject: Re: [kitten] Register too long SASL mechs?
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>,
<mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>,
<mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 May 2021 18:21:25 -0000
Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org> writes: > Simo Sorce <simo@redhat.com> writes: >> On Wed, 2021-05-26 at 15:48 +0200, Simon Josefsson wrote: >> >>> 1) Just let IANA register these names even if they are >>> non-compliant. >>> >>> 2) Don't formally register them but mention them on the IANA page to >>> avoid any interop problems and allowing people to find out what >>> these are. >>> >>> 3) Refuse registration since tey are non-compliant. >>> >>> I prefer 2) but could live with 1) as well. I don't think it is in >>> the best interest of anybody that registration is refused on >>> technicalities. Maybe this post is sufficient to make relevant >>> parties aware of what is happening, and IANA can continue with 1). I also don't think that refusing registration would help anything. >>> Pursuing standardization, or publishing a stable specification, of the >>> mechanisms is orthogonal to registration, but would be useful. Do you know if there's any intent to pursue standardization? >> Is there any risk that using those names can cause issues to an >> implementation that conforms to RFC 4422 ? > > Any implementation that don't support them would reject them as > unknown/invalid. If it causes a vulnerability, that should be fixed > anyway. So, no, not really, as far as I can see. > > My biggest concern is that if we register them formally, we introduce an > inconsistency with RFC 4422, and should there ever be an RFC describing > them, that ought to extend RFC 4422 to increase permitted length and I'm > not sure that is a good idea. I'm not sure it has to. As documentation of something that occurs in the wild, I think it could note that those names are non-compliant? It could also introduce alternate, compliant names for them. Now that said, I'm not aware of anything significant about 20 here, and wouldn't oppose just raising the length limit on the basis of "we found this in the wild and it's not an unreasonable name otherwise". > IANA suggested that we can add a 'Note:' section to the registry where > these mechanisms are mentioned, including that they don't conform to the > particular format imposed by RFC 4422. The suggestion of a note seems good. Thanks, --Robbie
- [kitten] Register too long SASL mechs? Simon Josefsson
- Re: [kitten] Register too long SASL mechs? Simo Sorce
- Re: [kitten] Register too long SASL mechs? Simon Josefsson
- Re: [kitten] Register too long SASL mechs? Robbie Harwood
- Re: [kitten] Register too long SASL mechs? Alexey Melnikov
- Re: [kitten] Register too long SASL mechs? Simo Sorce
- Re: [kitten] Register too long SASL mechs? Jeffrey Altman
- Re: [kitten] Register too long SASL mechs? Simon Josefsson
- Re: [kitten] Register too long SASL mechs? David Lloyd