IETF Logo Mail Archive

Re: [kitten] Murray Kucherawy's No Objection on draft-ietf-kitten-krb-spake-preauth-11: (with COMMENT)

"Murray S. Kucherawy" <superuser@gmail.com> Mon, 22 January 2024 02:50 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83BDFC14F6B4; Sun, 21 Jan 2024 18:50:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GsBHeySuJBEd; Sun, 21 Jan 2024 18:50:09 -0800 (PST)
Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFB60C14F6B3; Sun, 21 Jan 2024 18:50:09 -0800 (PST)
Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-a2e633c5365so66091966b.1; Sun, 21 Jan 2024 18:50:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705891807; x=1706496607; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=hReVSMhCnKW0qREmYjRsCzcB7rqyrTegcGyG4dqxrCw=; b=AP7gFaEzhJl3/mtvLZ2r8O6u7iapJa6pG+FFR1Zn63auDbp8dGNdHi+xuXh3NtXVKN 1rYxzYeSBnbT+PEkyne5LC6lWhSS63X7xJtaDqEIKtU1LTDlFkLaX0XK2Gz/bNWWWyJ5 k+lGeI0bm2IqqHl3HJye8F6XwbtzzjsFtmxwRKAhrHmf68VJK/Vy6/bGBCFfcMjMjuxI IkmgDPXjlNrCxxz7zBAki6Zj90qHnwQunhJmWiHbg4zTUuOxRXcOcghMfQ6OaySRAomk 5CfMGCfDXViAFduCC+gmi+CikZi4AJSLd+MTIqnpqGmJ5CB4EoAp7GdRTQco8aLNLPKl oghA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705891807; x=1706496607; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=hReVSMhCnKW0qREmYjRsCzcB7rqyrTegcGyG4dqxrCw=; b=YM+9FFNp/c/9UjlZC6x/lJ1ETHvRyqQ946+c86AmGeDk4tBsTZWV417nfhXojcB80i /EcoZxxgHGVXkNt1tROgAFaPbGHmyvd6ioaeVajb4v3W7WXYytD/+c5xQUjs3I6op1Tk 0u7PxtMuVSnHTg8YZvWMHOWqwrhIZoI83yex/+w9yk54Xcvt7EevlRa6aHVdlXOTjpXS 3W2v2wYAldMQjBgbD7ybHCD3VAhNgp47/bBdh+ikkmcKLwe2WIebtkC7flQ2lImNiq0P JWy7zJe0230NiHU56hH5lRKgSwyKXLBhwkiPvJlpSnDJzrpw4Gd3NVV3oWdoqmMmSTVu t77A==
X-Gm-Message-State: AOJu0YxXmUGj6ncwE5aes0RqplQ8fw4sEwcTIuGt1hISw/7gods8477h Q3LvwQR52FcraGeHUyJ9r9GresgjBaaEThMb7g7J3yQYQKaalHZiHDgPZGZNoADWdnH5xkJOGNg bhRWB2ToV1e+3MSq5yimB9hplOYg=
X-Google-Smtp-Source: AGHT+IGKdeM3RhIB8d5kG1taOTCeMKWYtGHGq9LXHMpzPBY5D4iDwsI0yBqlLEc9A2/t7Z+zGk476jtLc4fqm7xr09Q=
X-Received: by 2002:a17:906:48c3:b0:a2e:5c09:e367 with SMTP id d3-20020a17090648c300b00a2e5c09e367mr3748538ejt.6.1705891807126; Sun, 21 Jan 2024 18:50:07 -0800 (PST)
MIME-Version: 1.0
References: <170559100930.21281.8142882686300667918@ietfa.amsl.com> <d5d9e798-c6c1-4f15-a1f2-4e08580a70c4@mit.edu> <CAL0qLwZUOepsqoGY+kb5tB8CBc=EOYAtoSXk35XAMD4LF5Hw8w@mail.gmail.com> <ZaoDKjMhV3g1w4pp@ubby> <CAL0qLwbueeYOCQSgapa6yx1DzbXLYXuNUMzUvH3m1X-LzaNNxA@mail.gmail.com> <Zav47pSFM0Y/r+wJ@ubby>
In-Reply-To: <Zav47pSFM0Y/r+wJ@ubby>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Sun, 21 Jan 2024 18:49:55 -0800
Message-ID: <CAL0qLwZhpcQR9vLR1sDAbeLMJbCqX5onSnmybHGfU_fvF1jHCA@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: Greg Hudson <ghudson@mit.edu>, The IESG <iesg@ietf.org>, draft-ietf-kitten-krb-spake-preauth@ietf.org, kitten-chairs@ietf.org, kitten@ietf.org
Content-Type: multipart/alternative; boundary="000000000000306b22060f7fe335"
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/4nlIKIan0RnjQi55FOZkNvs31lU>
Subject: Re: [kitten] Murray Kucherawy's No Objection on draft-ietf-kitten-krb-spake-preauth-11: (with COMMENT)
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jan 2024 02:50:14 -0000

Well, that escalated quickly.

On Sat, Jan 20, 2024 at 8:46 AM Nico Williams <nico@cryptonector.com> wrote:

> > If I'm an implementer following a link from an IANA registration to an
> I-D,
> > but then there's a big colorful warning that the I-D is expired, wouldn't
> > it be reasonable for me to believe that the registration, the document,
> or
> > both are no longer valid?  This seems really strange to me.  I would
> expect
> > to find a link to something current.
>
> What that situation would mean is this: the registration is valid, the
> I-D is expired, and you have to go figure out whether the registered
> elements are in use in the wild.  Some of the registrations in that
> registry don't even have any specification, so the ones for which an I-D
> is listed are a lot easier for implementers to understand that the ones
> for which an I-D is not listed.
>

As an implementer not familiar with the details of IETF documents and
operation, I would also have to figure out why something clearly marked
"expired", with what certainly look like warnings, should be considered
"active" in any sense.  Have a look at
https://datatracker.ietf.org/doc/draft-kucherawy-dkim-rcpts/ for example;
it goes out of its way to tell you the document is expired (twice in red,
twice in orange).  I would not care whether they're in use in the wild, I
would wonder why I'm seeing it used in the wild at all.

But this registry is Expert Review, which means NOT EVEN any
> specification is needed, not even an expired I-D.  Would you rather that
> IANA delete the reference to the expired I-D and make things even harder
> for implementers?  Surely not!
>

That's not what -11 says in Section 12:

"Registry entries are to be evaluated using the Specification Required
method. All specifications must be be [sic] published prior to entry
inclusion in the registry. Once published, they can be submitted directly
to the krb5-spake-review@ietf.org mailing list, where there will be a
three-week long review period by Designated Experts."

Is it supposed to say Expert Review?

Is a draft considered "published"?  I thought it wasn't.


> > Should we deregister something if it references an I-D that expires?  Or
>
> [...]
>
> Sometimes I-Ds don't progress but their implementations remain in use.
> What can you do about that?  I don't know.  But everything you've
> proposed would make things worse, not better.
>

I'm trying to be constructive here.  I don't know where all this aggression
is coming from.

We have a wiki, I believe.  Maybe we should avail ourselves of it.


> > maybe it should seek publication via the ISE instead if the WG drops it?
>
> You can't make the IETF publish RFCs when there's no energy to do it.
>
> Someone has to pay the salaries of the authors and editors and reviewers
> and shepherds and ADs who will push a semi-abandoned I-D across the
> finish line.  There is also the opportunity cost of not having them do
> something more productive.
>

Yes, I'm quite aware.


> > Or something?
>
> Sometimes there's nothing good to be done.
>
> The cost of "stale" registrations in large namespaces is near zero.
> Leave it be.
>

I'm not concerned with the size of the namespace, nor with a code point
registered that falls into disuse.  I'm thinking about the experience of
implementers that come to a page that warns people off of using what's
behind it.  Someone not familiar with the IETF might think something's
pretty broken here.  I don't understand why that's such an insane thing to
consider.


> > I don't think I'm disputing the registration policy you've chosen.  I'm
> > disputing whether we should consider an I-D to be "stable".
>
> They don't get removed from the archive.  Therefore they are "stable".
>

But they get flagged as "expired", which the dictionary defines as "ceased
to be valid".  A reasonable person might conclude that it's a stable
document, but no longer valid.

I'm not going to respond to the more condescending points.  I raised this
as a concern, and at least one other AD concurred.  However, it's not a
blocking ballot.  If the responsible AD is fine with it, I'm not in the way.

-MSK

v2.23.0 | Report a Bug | By Email