Re: [kitten] Register too long SASL mechs?

Alexey Melnikov <alexey.melnikov@isode.com> Thu, 27 May 2021 09:28 UTC

From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Simo Sorce <simo@redhat.com>, Simon Josefsson <simon@josefsson.org>
References: <87im35a9mi.fsf@latte.josefsson.org> <8b6082df6e3fc913a0ea1cc3ae31350cc81b8738.camel@redhat.com>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Message-ID: <33cbe559-7b1f-af49-88f7-3ce1bea14bdd@isode.com>
Date: Thu, 27 May 2021 10:28:11 +0100
In-Reply-To: <8b6082df6e3fc913a0ea1cc3ae31350cc81b8738.camel@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/IGp42c2G0YdCjsx9NsK9FWBBI1U>

Hi Simo,

[I sent this message just to Simo by mistake. Resending.]


On 26/05/2021 17:39, Simo Sorce wrote:

> On Wed, 2021-05-26 at 15:48 +0200, Simon Josefsson wrote:
>> Hi! There is a request to register the ECDH-X25519-CHALLENGE and
>> ECDSA-NIST256P-CHALLENGE mechanism names in the IANA SASL registry. The
>> policy is First Come First Serve, so there is no real requirement of a
>> standard or anything, however the names are longer than the 20 character
>> limit imposed by RFC 4422. Supposedly these are already deployed and
>> have been used in the wild for a couple of years already.
>>
>> Some references:
>>   https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml
>>   https://github.com/atheme/atheme/blob/master/modules/saslserv/ecdh-x25519-challenge.c
>>   https://github.com/kaniini/ecdsatool#mechanism-spec
>>
>> As far as I can see, we have some options:
>>
>> 1) Just let IANA register these names even if they are non-compliant.
>>
>> 2) Don't formally register them but mention them on the IANA page to
>> avoid any interop problems and allowing people to find out what these
>> are.
>>
>> 3) Refuse registration since they are non-compliant.
>>
>> I prefer 2) but could live with 1) as well. I don't think it is in the
>> best interest of anybody that registration is refused on technicalities.
>> Maybe this post is sufficient to make relevant parties aware of what is
>> happening, and IANA can continue with 1).
>>
>> Thoughts?
>>
>> Pursuing standardization, or publishing a stable specification, of the
>> mechanisms is orthogonal to registration, but would be useful.
> Is there any risk that using those names can cause issues to an
> implementation that conforms to RFC 4422 ?

Possibly. RFC 4422 defines:

   sasl-mech    = 1*20mech-char

so if an implementation is using a fixed-size buffer, there might be 
some issues.

It is harder to know whether there are any implementations which 
actually use a fixed-length buffer for SASL mechanism names.

Best Regards,

Alexey
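
As an added illustration of the fixed-size-buffer point (example code written for this page, not from Isode, Atheme, or any SASL library; the function names and the inputs are mine), the validator below implements the sasl-mech production from RFC 4422 section 3.1 and contrasts a bounds-checked copy with a truncating strncpy() copy of the two names under discussion:

```c
#include <stdio.h>
#include <string.h>

/*
 * RFC 4422, section 3.1, limits a SASL mechanism name to 1..20 characters:
 *
 *   sasl-mech = 1*20mech-char
 *   mech-char = UPPER-ALPHA / DIGIT / HYPHEN / UNDERSCORE
 *
 * A fixed-size buffer sized for that limit is reasonable as long as every
 * write into it is bounds-checked. Names above 20 characters are the case
 * the thread is about.
 */
#define SASL_MECH_MAX 20

/* Return 1 if name matches the RFC 4422 sasl-mech production, else 0. */
int sasl_mech_valid(const char *name)
{
    size_t n;
    if (name == NULL)
        return 0;
    for (n = 0; name[n] != '\0'; n++) {
        char c = name[n];
        if (n >= SASL_MECH_MAX)          /* a 21st character: too long */
            return 0;
        if (!((c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') ||
              c == '-' || c == '_'))
            return 0;
    }
    return n >= 1;                       /* the empty name is not allowed */
}

/*
 * Bounded copy into a 21-byte buffer (20 chars + NUL). Returns 0 on success
 * and -1, with dst emptied, when src is not a valid mechanism name. Unlike
 * strncpy(), this never silently truncates or leaves dst unterminated.
 */
int sasl_mech_copy(char dst[SASL_MECH_MAX + 1], const char *src)
{
    if (!sasl_mech_valid(src)) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, strlen(src) + 1);   /* length already proven <= 20 */
    return 0;
}

/*
 * What a strncpy()-based implementation stores for an over-long name: the
 * first 20 bytes, which is a different (and unregistered) mechanism name.
 * Shown for comparison only; a real implementation should reject instead.
 */
void sasl_mech_copy_truncating(char dst[SASL_MECH_MAX + 1], const char *src)
{
    strncpy(dst, src, SASL_MECH_MAX);
    dst[SASL_MECH_MAX] = '\0';           /* strncpy alone would not terminate */
}

int main(void)
{
    /* constructed inputs: two registered names and the two names under discussion */
    const char *names[] = {
        "SCRAM-SHA-256", "GS2-KRB5",
        "ECDH-X25519-CHALLENGE", "ECDSA-NIST256P-CHALLENGE",
    };
    char buf[SASL_MECH_MAX + 1];
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        int rc = sasl_mech_copy(buf, names[i]);
        printf("%-26s len=%2zu valid=%d copy=%s\n", names[i], strlen(names[i]),
               sasl_mech_valid(names[i]), rc == 0 ? buf : "(rejected)");
        sasl_mech_copy_truncating(buf, names[i]);
        if (strcmp(buf, names[i]) != 0)
            printf("%-26s truncating copy stored \"%s\"\n", "", buf);
    }
    return 0;
}
```

The truncating variant is the quieter failure mode: it does not crash, but a 21-character name is stored as a 20-character name that will never match the peer's offer, so the mechanism negotiation fails or falls through to something else without any error pointing at the cause.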