Re: [kitten] Murray Kucherawy's No Objection on draft-ietf-kitten-krb-spake-preauth-11: (with COMMENT)

Nico Williams <nico@cryptonector.com> Fri, 19 January 2024 05:05 UTC

Date: Thu, 18 Jan 2024 23:05:46 -0600
From: Nico Williams <nico@cryptonector.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: Greg Hudson <ghudson@mit.edu>, The IESG <iesg@ietf.org>, draft-ietf-kitten-krb-spake-preauth@ietf.org, kitten-chairs@ietf.org, kitten@ietf.org

On Thu, Jan 18, 2024 at 08:17:52PM -0800, Murray S. Kucherawy wrote:
> On Thu, Jan 18, 2024 at 10:15 AM Greg Hudson <ghudson@mit.edu> wrote:
> > The IANA Kerberos preauthentication registry contains references
> > to numerous expired drafts besides this one.
> 
> I think that's unfortunate, since the whole idea of having a specification
> be required is that it needs to be relatively stable, and something that
> has expired is, to me at least, not.

I-Ds expire, yes, but they are not deleted, neither from the Internet
nor from the IETF I-D archive.  I-Ds are versioned, and each version is
"stable".  I believe an I-D counts as "specification exists" under RFC
2434.

When an RFC is desired one might want to use IETF Consensus as the
registry's allocation policy.  In this case the registry in question has
an allocation policy of Expert Review, which means that a specification
is not even needed, let alone an RFC.

Many Internet protocols require IANA registry allocations prior to RFC
publication for good reasons:

 - publishing an RFC just to obtain an allocation for a work-in-progress
   is impractical

 - not having allocations prior to publication greatly complicates
   testing and soaking

 - private use namespaces do work, but when, upon publication,
   _different_ allocations are obtained, there then arises an upgrade
   problem in the field that may not be trivial to manage

It's not just Kerberos, but TLS and others, that have used I-Ds as
"specifications".

Often what we want is just Expert Review, and sometimes we want both
Expert Review _and_ Specification Exists.  RFC 2434 doesn't limit
allocation policies to the ones it lists, as it terms them "example
policies, some of which are in use today", but this registry currently
requires only Expert Review.  I believe Expert Review is appropriate for
this registry.

Nico