Re: [kitten] Adam Roach's Discuss on draft-ietf-kitten-pkinit-alg-agility-05: (with DISCUSS and COMMENT)

Adam Roach <adam@nostrum.com> Wed, 06 March 2019 17:09 UTC

To: Greg Hudson <ghudson@mit.edu>, Datatracker on behalf of Adam Roach <ietf-secretariat-reply@ietf.org>, The IESG <iesg@ietf.org>
Cc: kitten@ietf.org, kitten-chairs@ietf.org, Robbie Harwood <rharwood@redhat.com>, draft-ietf-kitten-pkinit-alg-agility@ietf.org
References: <155186093172.24680.5838326300642921223.idtracker@ietfa.amsl.com> <7f7e80d6-2ba1-ddc9-3633-612f236e5276@mit.edu>
From: Adam Roach <adam@nostrum.com>
Message-ID: <a537637e-23b7-4d3d-7620-57fec6d17c6e@nostrum.com>
Date: Wed, 06 Mar 2019 11:08:48 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.5.2
MIME-Version: 1.0
In-Reply-To: <7f7e80d6-2ba1-ddc9-3633-612f236e5276@mit.edu>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/QAL4Av-hEo25WHC6JHeLgMB2Buk>
Subject: Re: [kitten] Adam Roach's Discuss on draft-ietf-kitten-pkinit-alg-agility-05: (with DISCUSS and COMMENT)

Thanks for the quick response! I've cleared my discuss, as the relevant 
values are now registered where Kerberos registrations apparently happen 
at the moment. :)

/a

On 3/6/19 10:55 AM, Greg Hudson wrote:
> On 3/6/19 3:28 AM, Datatracker on behalf of Adam Roach wrote:
>> I can see in
>> https://www.iana.org/assignments/smi-numbers/smi-numbers.xml#smi-numbers-26
>> that the OID 1.3.6.1.5.2 has been reserved for Kerberos v5 objects (a
>> reservation that appears to have been copied out of RFC 1700). I also see that
>> RFC 4556 uses 1.3.6.1.5.2.3 and defines three nodes (.1, .2, and .3) underneath
>> it. Try as I might, I can't find any plausibly authoritative registry that
>> tracks the reservation of 1.3.6.1.5.2.3, or of its children 1.3.6.1.5.2.3.1,
>> 1.3.6.1.5.2.3.2, and 1.3.6.1.5.2.3.3.
> Historically, OIDs under 1.3.6.1.5.2 have been managed out of
> https://web.mit.edu/kerberos/krb5-oids/krb5-oids.asn , first by Taylor
> Yu and more recently by myself.
>
>> This document also defines 1.3.6.1.5.2.3.6.1, 1.3.6.1.5.2.3.6.2,
>> 1.3.6.1.5.2.3.6.3, and 1.3.6.1.5.2.3.6.4 for the various hash algorithms.
>> Assuming this list continues to be added to, how will future specifications
>> avoid collisions?
> These four OIDs were not in the registry file (although their parent was
> included); I have added them.
>
>> I have a similar question about 1.3.6.1.5.2.4.5.1.
> This OID also appeared to be missing from the registry, and I have added it.
>
>> To be clear: if I understand the situation correctly, I recognize that there
>> may be a bigger problem here that is beyond the remit of this document to
>> solve; however, I think it would be reasonable to not make the existing problem
>> worse. In particular -- and again, I may simply be confused here -- I would
>> expect this document to at least ask IANA to create a table at
>> https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml that keeps
>> track of the children of 1.3.6.1.5.2.3.6.
> The Kerberos protocol has a history of managing some number spaces
> privately, and others through IANA.  There was an effort to move many of
> those number spaces to IANA (draft-ietf-kitten-kerberos-iana-registries)
> but it stalled.  It doesn't look like OIDs were part of that effort.
>
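The thread above turns on two practical questions: what the OIDs under 1.3.6.1.5.2 actually look like on the wire, and how a registry keeps future assignments under an arc such as 1.3.6.1.5.2.3.6 from colliding. The following is an added example written for this page; it is not MIT krb5 code, not part of the draft, and it does not read the krb5-oids.asn file (whose format the thread does not describe). The OID names are taken from RFC 4556 and RFC 8636 (the published form of draft-ietf-kitten-pkinit-alg-agility); the registry contents are constructed here for illustration, and the `id-pkinit-kdf-ah-sha3-256` entry used to trigger a collision is hypothetical.

```python
"""DER OBJECT IDENTIFIER codec plus a small arc registry with collision
detection. Added example for this thread, not MIT krb5 code. OID names come
from RFC 4556 and RFC 8636; the registry built below is constructed for
illustration and is not the contents of krb5-oids.asn."""

KRB5_ARC = "1.3.6.1.5.2"   # reserved for Kerberos v5 in IANA's SMI registry


def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (tag 0x06)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID {dotted!r}")
    body = bytearray()
    # The first two arcs are folded into one subidentifier: 40*X + Y.
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = bytearray([value & 0x7F])        # base-128, big-endian,
        value >>= 7                              # high bit set on every
        while value:                             # byte except the last
            chunk.insert(0, 0x80 | (value & 0x7F))
            value >>= 7
        body += chunk
    if len(body) > 127:
        raise ValueError("long-form length not needed for these OIDs")
    return bytes([0x06, len(body)]) + bytes(body)


def decode_oid(der: bytes) -> str:
    """Decode a DER OBJECT IDENTIFIER to dotted form, rejecting the malformed
    encodings a parser must not accept: wrong tag, length that does not match
    the content, a truncated final subidentifier, or a non-minimal one."""
    if len(der) < 3 or der[0] != 0x06:
        raise ValueError("not a short-form OBJECT IDENTIFIER")
    length = der[1]
    if length & 0x80 or len(der) != 2 + length:
        raise ValueError("length does not match content")
    body = der[2:]
    if body[-1] & 0x80:
        raise ValueError("truncated final subidentifier")
    arcs, value = [], 0
    for byte in body:
        if value == 0 and byte == 0x80:
            raise ValueError("non-minimal subidentifier (leading 0x80)")
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            if not arcs:
                first = 2 if value >= 80 else value // 40
                arcs += [first, value - first * 40]
            else:
                arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def register(registry: dict, oid: str, name: str) -> None:
    """Assign NAME to OID inside the Kerberos arc, refusing an OID or a name
    that is already taken by something else."""
    if not oid.startswith(KRB5_ARC + "."):
        raise ValueError(f"{oid} is outside {KRB5_ARC}")
    encode_oid(oid)                      # syntax check: must be encodable
    if registry.get(oid, name) != name:
        raise ValueError(f"collision: {oid} is already {registry[oid]}")
    owner = {n: o for o, n in registry.items()}.get(name, oid)
    if owner != oid:
        raise ValueError(f"collision: {name} is already {owner}")
    registry[oid] = name


def next_free_child(registry: dict, parent: str) -> str:
    """Next direct child of PARENT after the highest one in use. Gaps are
    deliberately not reused, so a withdrawn arc never gets a new meaning."""
    used = {int(tail) for oid in registry
            for head, _, tail in [oid.rpartition(".")] if head == parent}
    return f"{parent}.{max(used, default=0) + 1}"


def build_registry() -> dict:
    """Constructed registry covering the OIDs named in the thread."""
    reg = {}
    register(reg, "1.3.6.1.5.2.3", "id-pkinit")                  # RFC 4556
    register(reg, "1.3.6.1.5.2.3.1", "id-pkinit-authData")
    register(reg, "1.3.6.1.5.2.3.2", "id-pkinit-DHKeyData")
    register(reg, "1.3.6.1.5.2.3.3", "id-pkinit-rkeyData")
    register(reg, "1.3.6.1.5.2.3.6", "id-pkinit-kdf")             # RFC 8636
    register(reg, "1.3.6.1.5.2.3.6.1", "id-pkinit-kdf-ah-sha1")
    register(reg, "1.3.6.1.5.2.3.6.2", "id-pkinit-kdf-ah-sha256")
    register(reg, "1.3.6.1.5.2.3.6.3", "id-pkinit-kdf-ah-sha512")
    register(reg, "1.3.6.1.5.2.3.6.4", "id-pkinit-kdf-ah-sha384")
    return reg


def collision_demo(registry: dict) -> str:
    """Return the error a later spec would hit if it reused a taken child.
    The SHA3 name is hypothetical, not an assigned OID."""
    try:
        register(registry, "1.3.6.1.5.2.3.6.2", "id-pkinit-kdf-ah-sha3-256")
    except ValueError as err:
        return str(err)
    return ""


if __name__ == "__main__":
    reg = build_registry()
    print(encode_oid("1.3.6.1.5.2.3.6.2").hex())
    print(collision_demo(reg))
    print(next_free_child(reg, "1.3.6.1.5.2.3.6"))
```

The decoder's rejection of a leading 0x80 byte and of a length that disagrees with the content is what keeps two byte strings from decoding to the same dotted OID; a registry keyed on dotted strings only prevents collisions if the codec in front of it is that strict. `next_free_child` is the policy the DISCUSS asks for: whoever holds the arc hands out max+1, and a public table is what lets a second implementer see which children are already taken.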