Re: [kitten] Register too long SASL mechs?
Simo Sorce <simo@redhat.com> Wed, 26 May 2021 16:40 UTC
Return-Path: <simo@redhat.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 738F83A0A6F
for <kitten@ietfa.amsl.com>; Wed, 26 May 2021 09:40:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.795
X-Spam-Level:
X-Spam-Status: No, score=-2.795 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.698, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id xrDHQyVRn1IQ for <kitten@ietfa.amsl.com>;
Wed, 26 May 2021 09:39:56 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com
(us-smtp-delivery-124.mimecast.com [170.10.133.124])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 031A93A0A73
for <kitten@ietf.org>; Wed, 26 May 2021 09:39:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1622047194;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=djtvsMsi5uKlomL+sZZ85QgHPeltB1fkZmld6Um+ErY=;
b=Ik8cIpcsB/JbvJuP+ls2cPiyQehxRmh5steieuadr4zwjGQAHyB75UzdZAJQddOyb9zUFD
rC7putFdp1WyfCrM8wev1BrwUWk1xaxloE0N0LViAsQN0Ul/bKDqu7rAoqGMtIbjzxQnTR
pBdjkitu/T0TQ5ptO1gRg+qm6qxVccU=
Received: from mail-qv1-f69.google.com (mail-qv1-f69.google.com
[209.85.219.69]) (Using TLS) by relay.mimecast.com with ESMTP id
us-mta-434-XfRBEj9HOtCPx_cdE2b5CQ-1; Wed, 26 May 2021 12:39:52 -0400
X-MC-Unique: XfRBEj9HOtCPx_cdE2b5CQ-1
Received: by mail-qv1-f69.google.com with SMTP id
r11-20020a0cb28b0000b02901c87a178503so1649373qve.22
for <kitten@ietf.org>; Wed, 26 May 2021 09:39:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:message-id:subject:from:to:date:in-reply-to
:references:organization:user-agent:mime-version
:content-transfer-encoding;
bh=djtvsMsi5uKlomL+sZZ85QgHPeltB1fkZmld6Um+ErY=;
b=Wxo3Dg8oEHxUUUllzvMIWD/OHsECnZ8Ay77rD0jUTUYoufPJhi1MlWGJmCRbi9f8Wn
g/aPZoPxYCkdumD4CWnHrxD4oPdp42mfxkFHWJbg00WLFzLH8WqarJiLi0R6+6gqrd99
EKJx77CETeA3T6ufXdCzOD5ovsYKaSQq1E2+o7R+K7ksW9QdUxfXiFolBBcb/4F2YLKv
JJRla9VszUjkf+ajovvv/5n970VMiVRFn5tWGVl7OH0u0dqqD6SrqnfuvH7cJXjWjZ5p
R4yc6+sRq6qHePlVl2yvwzVke3cKL5uYaL5HphpoXMZTUbi7UOjDxZKLHy+sBt0uoa5n
iA2Q==
X-Gm-Message-State: AOAM530DmYZH0tHOva621RQUoRKffh1lvlXHl4UUBDhkrw/1lo+Uw6+Y
Tm/+a5YjQOT5gyFE2vfyk2MdIcgpK9w7I9jNo/oE/h3NR9FE6RiDLGSqy7lnzNozPep+aryNcun
EiaYta80=
X-Received: by 2002:a37:5b43:: with SMTP id p64mr43027699qkb.131.1622047191835;
Wed, 26 May 2021 09:39:51 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxjYUleh0HDBou23BsXOYWbHR4EVEbmAc/Evs0XUdvCR2MQBtAYXwNeMvlIBwQiu5AMT5t5AQ==
X-Received: by 2002:a37:5b43:: with SMTP id p64mr43027683qkb.131.1622047191617;
Wed, 26 May 2021 09:39:51 -0700 (PDT)
Received: from ?IPv6:2603:7000:9400:fe80::baf?
(2603-7000-9400-fe80-0000-0000-0000-0baf.res6.spectrum.com.
[2603:7000:9400:fe80::baf])
by smtp.gmail.com with ESMTPSA id h62sm1889969qkf.45.2021.05.26.09.39.50
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 26 May 2021 09:39:50 -0700 (PDT)
Message-ID: <8b6082df6e3fc913a0ea1cc3ae31350cc81b8738.camel@redhat.com>
From: Simo Sorce <simo@redhat.com>
To: Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>, kitten@ietf.org
Date: Wed, 26 May 2021 12:39:49 -0400
In-Reply-To: <87im35a9mi.fsf@latte.josefsson.org>
References: <87im35a9mi.fsf@latte.josefsson.org>
Organization: Red Hat
User-Agent: Evolution 3.38.4 (3.38.4-1.fc33)
MIME-Version: 1.0
Authentication-Results: relay.mimecast.com;
auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=simo@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/9y-2rL8yDP-SzqvA1qgKQ-vF7xY>
Subject: Re: [kitten] Register too long SASL mechs?
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>,
<mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>,
<mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 May 2021 16:40:05 -0000
On Wed, 2021-05-26 at 15:48 +0200, Simon Josefsson wrote: > Hi! There is a request to register the ECDH-X25519-CHALLENGE and > ECDSA-NIST256P-CHALLENGE mechanism names in the IANA SASL registry. The > policy is First Come First Serve, so there is no real requirement of a > standard or anything, however the names are longer than the 20 character > limit imposed by RFC 4422. Supposedly these are already deployed and > have been used in the wild for a couple of years already. > > Some references: > https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml > https://github.com/atheme/atheme/blob/master/modules/saslserv/ecdh-x25519-challenge.c > https://github.com/kaniini/ecdsatool#mechanism-spec > > As far as I can see, we have some options: > > 1) Just let IANA register these names even if they are non-compliant. > > 2) Don't formally register them but mention them on the IANA page to > avoid any interop problems and allowing people to find out what these > are. > > 3) Refuse registration since tey are non-compliant. > > I prefer 2) but could live with 1) as well. I don't think it is in the > best interest of anybody that registration is refused on technicalities. > Maybe this post is sufficient to make relevant parties aware of what is > happening, and IANA can continue with 1). > > Thoughts? > > Pursuing standardization, or publishing a stable specification, of the > mechanisms is orthogonal to registration, but would be useful. Is there any risk that using those names can cause issues to an implementation that conforms to RFC 4422 ? Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc
- [kitten] Register too long SASL mechs? Simon Josefsson
- Re: [kitten] Register too long SASL mechs? Simo Sorce
- Re: [kitten] Register too long SASL mechs? Simon Josefsson
- Re: [kitten] Register too long SASL mechs? Robbie Harwood
- Re: [kitten] Register too long SASL mechs? Alexey Melnikov
- Re: [kitten] Register too long SASL mechs? Simo Sorce
- Re: [kitten] Register too long SASL mechs? Jeffrey Altman
- Re: [kitten] Register too long SASL mechs? Simon Josefsson
- Re: [kitten] Register too long SASL mechs? David Lloyd