Re: [kitten] Updating IANA krb5 GSSAPI token type registry
Benjamin Kaduk <kaduk@MIT.EDU> Tue, 04 March 2014 16:49 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BD971A0243 for <kitten@ietfa.amsl.com>; Tue, 4 Mar 2014 08:49:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.148
X-Spam-Level:
X-Spam-Status: No, score=-3.148 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vOlDIg8U5Zo4 for <kitten@ietfa.amsl.com>; Tue, 4 Mar 2014 08:49:57 -0800 (PST)
Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) by ietfa.amsl.com (Postfix) with ESMTP id 0F0641A021C for <kitten@ietf.org>; Tue, 4 Mar 2014 08:49:56 -0800 (PST)
X-AuditID: 1209190e-f79ee6d000000c40-98-53160431676f
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 6D.3B.03136.13406135; Tue, 4 Mar 2014 11:49:53 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id s24GnqAS032064 for <kitten@ietf.org>; Tue, 4 Mar 2014 11:49:53 -0500
Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id s24GnpMa017784 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <kitten@ietf.org>; Tue, 4 Mar 2014 11:49:52 -0500
Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id s24GnoMQ020488; Tue, 4 Mar 2014 11:49:50 -0500 (EST)
Date: Tue, 04 Mar 2014 11:49:50 -0500
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: kitten@ietf.org
In-Reply-To: <alpine.GSO.1.10.1309041148130.16692@multics.mit.edu>
Message-ID: <alpine.GSO.1.10.1403041135510.1213@multics.mit.edu>
References: <20130806223553.CD3401A8EC@ld9781.wdf.sap.corp> <29F4D66E-3E8F-4033-8779-8EA158C1B72A@padl.com> <alpine.GSO.1.10.1308062018070.24720@multics.mit.edu> <alpine.GSO.1.10.1309041148130.16692@multics.mit.edu>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrGIsWRmVeSWpSXmKPExsUixG6nomvIIhZs0PhPy+Lo5lUsDoweS5b8 ZApgjOKySUnNySxLLdK3S+DK+L5nOntBk2DFkX/f2BsYL/B2MXJySAiYSDz6fIMNwhaTuHBv PZDNxSEkMJtJYs60LkYI5xijxO5vfUwQznUmiZ2dzUwgLUIC9RI3734Bsjk4WAS0JJYfiwEJ swmoSMx8sxFsqoiAsMTure+YQUqEBZwlNu6KAAlzCjhJXJwHsZhXwEGi+d9DmPGMEls/vQBL iAroSKzeP4UFokhQ4uTMJ2A2s4ClxL+1v1gnMArMQpKahSS1gJFpFaNsSm6Vbm5iZk5xarJu cXJiXl5qka6xXm5miV5qSukmRlDwcUry7WD8elDpEKMAB6MSD6/DFJFgIdbEsuLK3EOMkhxM SqK8/5nEgoX4kvJTKjMSizPii0pzUosPMUpwMCuJ8Jq+EA0W4k1JrKxKLcqHSUlzsCiJ89Za /AoSEkhPLEnNTk0tSC2CycpwcChJ8O5mABoqWJSanlqRlplTgpBm4uAEGc4DNPwEyGLe4oLE 3OLMdIj8KUZFKXHezyAJAZBERmkeXC8sObxiFAd6RZjXkBmoigeYWOC6XwENZgIa/OU1yNXF JYkIKakGxjnHNnEs8DxcYMYi9dK1hv2P0N35Oc0X3HtOek86Zv0o60OLBfPcj3ev31azF82e metgucTp780TexfqZ7e5yJZeOWJkftsvxESUp7rE1s7z2rscdt99Nn5qeUo15lXT5NKPHV9/ bW7u4cUNqx0EQvzCmcxOTzYyTDBYffuAZvBtOwfl2Mv5SizFGYmGWsxFxYkA+hGBlOkCAAA=
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/NvdOECxJwHFipemgP4qdEAuZfx0
Subject: Re: [kitten] Updating IANA krb5 GSSAPI token type registry
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Mar 2014 16:49:59 -0000
Digging up an old thread.... The wheels of progress have slowly spun, and the registry at http://www.iana.org/assignments/kerberos-v-gss-api/kerberos-v-gss-api.xhtml#token-types has been updated to include the rest of the token types from RFC 4121, and the values from RFCs 1964 and 6880. As expected, values from in-progress I-Ds were not included. In particular, the value 0405 from draft-ietf-krb-wg-gssapi-cfx-02 which was removed before that document became RFC 4121, and the value 0501 from draft-ietf-kitten-iakerb-00 (now -01), were not added. Apparently they were declined on the grounds that they don't meet the criteria defined in section 7.2 of draft-ietf-abfab-gss-eap: In the top-level registry titled "Kerberos V GSS-API Mechanism Parameters", a subregistry called "Kerberos GSS-API Token Type Identifiers" was created; the references for this subregistry are RFC 4121 and this document. The allocation procedure is Expert Review [RFC5226]. The Expert's primary job is to make sure that token type identifiers are requested by an appropriate requester for the RFC 4121 mechanism in which they will be used and that multiple values are not allocated for the same purpose. For RFC 4121 and this mechanism, the Expert is currently expected to make allocations for token identifiers from documents in the IETF stream; effectively, for these mechanisms, the Expert currently confirms the allocation meets the requirements of the IETF Review process. The RFC 4121 (krb5) and RFC 7055 (EAP) mechanisms appear to be specifically called out to have the expected behavior of the exper reviewer essentially be "standards action", to confirm that the assignment has had adequate IETF review. Perhaps token types used by some other mechanism could get by with a weaker review standard. To me, this seems like a(nother) bug in RFC 7055, but of course it is not one that can be reasonably fixed. I guess that the easiest way forward is to publish a quick document that reserves 0405 and 0501 noting that they were in use before the registry was established. -Ben
- [kitten] I-D Action: draft-ietf-kitten-iakerb-00.… internet-drafts
- Re: [kitten] I-D Action: draft-ietf-kitten-iakerb… Benjamin Kaduk
- [kitten] Updating IANA krb5 GSSAPI token type reg… Benjamin Kaduk
- Re: [kitten] I-D Action: draft-ietf-kitten-iakerb… Benjamin Kaduk
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Tom Yu
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Martin Rex
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Luke Howard
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Benjamin Kaduk
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Martin Rex
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Luke Howard
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Benjamin Kaduk
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Benjamin Kaduk
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Simo Sorce
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Jeffrey Hutzelman
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Benjamin Kaduk
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Martin Rex
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Simo Sorce
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Sam Hartman
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Jeffrey Hutzelman
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Shawn M Emery
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Benjamin Kaduk
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Sam Hartman
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Benjamin Kaduk
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Jeffrey Hutzelman
- Re: [kitten] Updating IANA krb5 GSSAPI token type… Sam Hartman