Re: [kitten] Register too long SASL mechs?

Simon Josefsson <simon@josefsson.org> Thu, 27 May 2021 15:18 UTC

From: Simon Josefsson <simon@josefsson.org>
To: Jeffrey Altman <jaltman@secure-endpoints.com>
Cc: "Simon Josefsson \(simon\=40josefsson.org\@dmarc.ietf.org\)" <simon=40josefsson.org@dmarc.ietf.org>, kitten@ietf.org
References: <87im35a9mi.fsf@latte.josefsson.org> <b6e58ea8-2f9e-56c7-266c-f423f5368310@secure-endpoints.com>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
Date: Thu, 27 May 2021 17:16:58 +0200
In-Reply-To: <b6e58ea8-2f9e-56c7-266c-f423f5368310@secure-endpoints.com> (Jeffrey Altman's message of "Thu, 27 May 2021 10:05:04 -0400")
Message-ID: <87bl8w1a1h.fsf@latte.josefsson.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/DYXE4pV39h0pjNZI5NNzicbBkvc>

Jeffrey Altman <jaltman@secure-endpoints.com> writes:

> There is a fourth option.  A request for registration implies that the
> mechanisms are actively supported.  We can require that they register
> an RFC4222 compliant name and implement that name.  They will need to
> of course support accepting both the "too long" name and the
> registered name.
>
> On the registration page a note could be added next to the registered
> name with the "too long" name and the mechanism version in which the
> name was fixed.

There is interest from them to standardize something here -- so
effectively this means choosing option 2) now and the standardized
variant will be registered when it is ready.

> Continued use of "too long" names is an interoperability risk for
> their end users.
>
> I am curious how the "too long" names are working today.
>
> Do SASL implementations not enforce the name length restriction?
>
> Do SASL implementations truncate the name to 20 characters?

They don't use any normal SASL library but implement a thin SASL layer
themselves.  I don't think many IRC clients/servers use regular SASL
libraries for this, so the fact that SASL libraries are limited to 20
characters doesn't matter.

/Simon
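
An added example, not part of the original message and not code from any implementation discussed in the thread: a sketch of how a thin SASL layer could enforce the mechanism-name grammar of RFC 4422 (1 to 20 characters from A-Z, 0-9, hyphen and underscore) rather than truncate, and accept a legacy "too long" name as an alias for a compliant one. Every mechanism name except PLAIN is a constructed placeholder, and the function names are hypothetical.

```python
import re

MAX_LEN = 20                              # RFC 4422: sasl-mech = 1*20mech-char
MECH_CHARS = re.compile(r"[A-Z0-9_-]+")   # upper-case letters, digits, "-", "_"

# Constructed placeholder names, not real or registered mechanisms.
LEGACY_A = "EXAMPLE-VENDOR-KEY-CHALLENGE"  # 28 characters, too long
LEGACY_B = "EXAMPLE-VENDOR-KEY-CERT"       # 23 characters, too long
SHORT_A = "EXAMPLE-KEY-CHAL"               # hypothetical compliant replacement


def classify(name):
    """Return 'ok', 'too-long' or 'bad-chars' for one mechanism name."""
    if not MECH_CHARS.fullmatch(name):
        return "bad-chars"
    return "ok" if len(name) <= MAX_LEN else "too-long"


def truncation_collisions(names):
    """Group distinct names that become identical when cut to 20 characters."""
    buckets = {}
    for name in names:
        buckets.setdefault(name[:MAX_LEN], []).append(name)
    return {cut: group for cut, group in buckets.items() if len(group) > 1}


def negotiate(advertised, preferred, aliases=None):
    """Pick a mechanism from a comma-separated advertisement.

    aliases maps a legacy wire name to its compliant name, so a peer that
    still advertises the old name stays usable. Names that fail the grammar
    and have no alias are skipped, never truncated.
    Returns (compliant_name, name_to_send_on_the_wire) or None.
    """
    aliases = aliases or {}
    usable = {}
    for wire in advertised.split(","):
        canonical = aliases.get(wire, wire)
        if classify(canonical) == "ok":
            usable.setdefault(canonical, wire)
    for mech in preferred:
        if mech in usable:
            return mech, usable[mech]
    return None


if __name__ == "__main__":
    offer = ",".join(["PLAIN", LEGACY_A, LEGACY_B])  # constructed advertisement
    print(truncation_collisions(offer.split(",")))
    print(negotiate(offer, [SHORT_A, "PLAIN"]))
    print(negotiate(offer, [SHORT_A, "PLAIN"], {LEGACY_A: SHORT_A}))
```

Truncating the two placeholder names yields the same 20-character string, which is why the sketch rejects or aliases over-long names instead of cutting them.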