Re: [kitten] Adam Roach's Discuss on draft-ietf-kitten-pkinit-alg-agility-05: (with DISCUSS and COMMENT)

Greg Hudson <ghudson@mit.edu> Wed, 06 March 2019 16:57 UTC

To: Datatracker on behalf of Adam Roach <ietf-secretariat-reply@ietf.org>, The IESG <iesg@ietf.org>
CC: draft-ietf-kitten-pkinit-alg-agility@ietf.org, Robbie Harwood <rharwood@redhat.com>, kitten-chairs@ietf.org, kitten@ietf.org
References: <155186093172.24680.5838326300642921223.idtracker@ietfa.amsl.com>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <7f7e80d6-2ba1-ddc9-3633-612f236e5276@mit.edu>
Date: Wed, 06 Mar 2019 11:55:00 -0500
In-Reply-To: <155186093172.24680.5838326300642921223.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/Re7idyo3VO2nA0WwPwv7TTU2H54>
Subject: Re: [kitten] Adam Roach's Discuss on draft-ietf-kitten-pkinit-alg-agility-05: (with DISCUSS and COMMENT)

On 3/6/19 3:28 AM, Datatracker on behalf of Adam Roach wrote:
> I can see in
> https://www.iana.org/assignments/smi-numbers/smi-numbers.xml#smi-numbers-26
> that the OID 1.3.6.1.5.2 has been reserved for Kerberos v5 objects (a
> reservation that appears to have been copied out of RFC 1700). I also see that
> RFC 4556 uses 1.3.6.1.5.2.3 and defines three nodes (.1, .2, and .3) underneath
> it. Try as I might, I can't find any plausibly authoritative registry that
> tracks the reservation of 1.3.6.1.5.2.3, or of its children 1.3.6.1.5.2.3.1,
> 1.3.6.1.5.2.3.2, and 1.3.6.1.5.2.3.3.

Historically, OIDs under 1.3.6.1.5.2 have been managed out of
https://web.mit.edu/kerberos/krb5-oids/krb5-oids.asn , first by Taylor
Yu and more recently by myself.

> This document also defines 1.3.6.1.5.2.3.6.1, 1.3.6.1.5.2.3.6.2,
> 1.3.6.1.5.2.3.6.3, and 1.3.6.1.5.2.3.6.4 for the various hash algorithms.
> Assuming this list continues to be added to, how will future specifications
> avoid collisions?

These four OIDs were not in the registry file (although their parent was
included); I have added them.

> I have a similar question about 1.3.6.1.5.2.4.5.1.

This OID also appeared to be missing from the registry, and I have added it.

> To be clear: if I understand the situation correctly, I recognize that there
> may be a bigger problem here that is beyond the remit of this document to
> solve; however, I think it would be reasonable to not make the existing problem
> worse. In particular -- and again, I may simply be confused here -- I would
> expect this document to at least ask IANA to create a table at
> https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml that keeps
> track of the children of 1.3.6.1.5.2.3.6.

The Kerberos protocol has a history of managing some number spaces
privately, and others through IANA.  There was an effort to move many of
those number spaces to IANA (draft-ietf-kitten-kerberos-iana-registries)
but it stalled.  It doesn't look like OIDs were part of that effort.
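An added example, not code from this thread or from MIT krb5, that DER-encodes the PKINIT OIDs discussed above and checks a small arc registry for the two failure modes the review raises: a child arc a document defines that the registry does not track, and a collision. The registry contents are constructed from what the thread says was already present, and the four hash-OID names are assumed from the draft's ASN.1 module rather than taken from krb5-oids.asn.

```python
# Added example (not from the thread or MIT krb5): DER-encode the PKINIT OIDs
# named in the thread and check a constructed arc registry for an unregistered
# child and for a collision. Hash-OID names assumed from the draft's ASN.1 module.

KRB5_ARC = "1.3.6.1.5.2"  # reserved for Kerberos v5 objects (SMI numbers)

REGISTRY = {  # constructed from the thread, not parsed from krb5-oids.asn
    KRB5_ARC: "kerberosv5 arc (Kerberos v5 objects)",
    KRB5_ARC + ".3": "id-pkinit (RFC 4556)",
    KRB5_ARC + ".3.1": "id-pkinit-authData (RFC 4556)",
    KRB5_ARC + ".3.2": "id-pkinit-DHKeyData (RFC 4556)",
    KRB5_ARC + ".3.3": "id-pkinit-rkeyData (RFC 4556)",
    KRB5_ARC + ".3.6": "id-pkinit-kdf (parent of the draft's hash OIDs)",
}

DRAFT_OIDS = {  # the four children the draft defines under 1.3.6.1.5.2.3.6
    KRB5_ARC + ".3.6.1": "id-pkinit-kdf-ah-sha1",
    KRB5_ARC + ".3.6.2": "id-pkinit-kdf-ah-sha256",
    KRB5_ARC + ".3.6.3": "id-pkinit-kdf-ah-sha512",
    KRB5_ARC + ".3.6.4": "id-pkinit-kdf-ah-sha384",
}

def encode_oid(dotted):
    """DER OBJECT IDENTIFIER: tag 0x06, short-form length, then base-128
    subidentifiers with the first two arcs folded into one (40*a + b)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("not a valid OID: " + dotted)
    body = bytearray()
    for sid in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [sid & 0x7F]            # last byte carries no continuation bit
        while sid >> 7:
            sid >>= 7
            chunk.append(0x80 | (sid & 0x7F))
        body.extend(reversed(chunk))    # most significant 7-bit group first
    return bytes([0x06, len(body)]) + bytes(body)

def unregistered(registry, oids):
    """OIDs a document defines that the registry does not track."""
    return sorted(o for o in oids if o not in registry)

def register(registry, oid, name):
    """Assign a child arc, refusing a collision and an unregistered parent."""
    if oid in registry:
        raise ValueError(f"collision: {oid} is already {registry[oid]}")
    parent = oid.rsplit(".", 1)[0]
    if parent not in registry:
        raise ValueError(f"parent arc {parent} of {oid} is not registered")
    registry[oid] = name
    return encode_oid(oid)  # the DER form a KDC or client actually compares
```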