IETF Logo Mail Archive

Re: [kitten] Murray Kucherawy's No Objection on draft-ietf-kitten-krb-spake-preauth-11: (with COMMENT)

Eliot Lear <lear@lear.ch> Sun, 21 January 2024 08:24 UTC

Return-Path: <lear@lear.ch>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AC4BC14F698; Sun, 21 Jan 2024 00:24:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.896
X-Spam-Level:
X-Spam-Status: No, score=-0.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_PERMERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=lear.ch
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mH4kqLDQMM6k; Sun, 21 Jan 2024 00:24:44 -0800 (PST)
Received: from upstairs.ofcourseimright.com (upstairs.ofcourseimright.com [IPv6:2a00:bd80:aa::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9CBBC14F5E7; Sun, 21 Jan 2024 00:24:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lear.ch; s=upstairs; t=1705825468; bh=FvuEm21vHSyKkwNZ0lMbV6G1fWBMA41rjhljineRQR4=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=cG4Cf7AMcRfQNDeFgZTFsP2BLnjLN24DpC+uD9BdfjxYZDWo7pk7KK2Sj2ZIpognz t8JVPlHYxUwCZhDi+TukOUSzoc5CDnGa7l5rf3yf3xtDi2DnBWUX3Mp/wM917sB9PT qVya/MB0p0cp/fR3eY6YjeBlKiDN7r0XvPNM1pQM=
Received: from [192.168.0.99] (77-58-144-232.dclient.hispeed.ch [77.58.144.232]) (authenticated bits=0) by upstairs.ofcourseimright.com (8.15.2/8.15.2/Debian-22ubuntu3) with ESMTPSA id 40L8OPG5038329 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Sun, 21 Jan 2024 09:24:26 +0100
Message-ID: <0296af8e-652f-4b31-a42e-d185017b3dee@lear.ch>
Date: Sun, 21 Jan 2024 09:24:24 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: "Murray S. Kucherawy" <superuser@gmail.com>, Nico Williams <nico@cryptonector.com>
Cc: kitten@ietf.org, kitten-chairs@ietf.org, draft-ietf-kitten-krb-spake-preauth@ietf.org, The IESG <iesg@ietf.org>
References: <170559100930.21281.8142882686300667918@ietfa.amsl.com> <d5d9e798-c6c1-4f15-a1f2-4e08580a70c4@mit.edu> <CAL0qLwZUOepsqoGY+kb5tB8CBc=EOYAtoSXk35XAMD4LF5Hw8w@mail.gmail.com> <ZaoDKjMhV3g1w4pp@ubby> <CAL0qLwbueeYOCQSgapa6yx1DzbXLYXuNUMzUvH3m1X-LzaNNxA@mail.gmail.com>
From: Eliot Lear <lear@lear.ch>
Autocrypt: addr=lear@lear.ch; keydata= xsBNBFMe1UQBCADdYOS5APDpIpF2ohAxB+nxg1GpAYr8iKwGIb86Wp9NkK5+QwbW9H035clT lpVLciExtN8E3MCTPOIm7aITPlruixAVwlBY3g7U9eRppSw9O2H/7bie2GOnYxqmsw4v1yNZ 9NcMLlD8raY0UcQ5r698c8JD4xUTLqybZXaK2sPeJkxzT+IwupRSQ+vXEvFFGhERQ88zo5Ca Sa1Gw/Rv54oH0Dq2XYkO41rhxQ60BKZLZuQK1d9+1y3I+An3AJeD3AA31fJZD3H8YRKOBgqe ILPILbw1mM7gCtCjfvFCt6AFCwEsjITGx55ceoQ+t5B5XGYJEppMWsIFrwZsfbL+gP31ABEB AAHNGUVsaW90IExlYXIgPGxlYXJAbGVhci5jaD7CwI4EEwECADgCGwMCHgECF4AWIQSY0L2Q Rh2wkqeyYR2HtmtG2dJ6MwUCWxJwMwULCQgHAgYVCAkKCwIEFgIDAQAKCRCHtmtG2dJ6M8KI B/46pFrJX+4Ockl2fHR303ais9Lyx8jv6mXKKOr8WR0UYcJ0syQrhaaZNG1VV98tYQHHK9F5 y7hH4YCsrr3odZ6zoavnx5X1X/2xw8y732f/irVoOOkYLid9IGPxa2e2nYXCZpde5/yvv3we XVE4mG4dEAD5T8iKS4Hz/3fKGJQ15o79Jv92HgC7RpCt0WaiQ0b6acP3PuwjDJzJzLFZzb7j IiB3izxQESSWE1GNRmoAK/k0gW6kmx1/87tQENrK+3Nn4CJSFQWF6entLnY7UeVm95wbMQkJ evwddDWUO2huDbmZnmxgKXGzSSpuNq7n8ICAOlbt0HfdJAZQfy25bwvezsBNBFMe1UQBCAC0 WV7Ydbv95xYGPhthTdChBIpPtl7JPCV/c6/3iEmvjpfGuFNaK4Macj9le20EA5A1BH7PgLGo HOiPM65NysRpZ96RRVX3TNfLmhGMFr5hPOGNdq+xcGHVutmwPV9U7bKeUNRiPFx3YdEkExdd qV2E8FltT0x2FSKe2xszPPHB6gVtMckX5buI9p1K3fbVhXdvEkcYY/jB0JEJGyhS5aEbct5c HUvDAkT81/YFK5Jfg8RRwu1q1t1YuIJSOWAZQ9J9oUsg6D9RpClU+tIFBoe3iTp1AUfJcypu cGKgLYKtpu/aygcpQONHYkYW5003mPsrajFhReVF5veycMbHs4u5ABEBAAHCwF8EGAECAAkF AlMe1UQCGwwACgkQh7ZrRtnSejOSuQgA27p2rYB7Kh20dym6V8c62pWpBHHTgxr/32zevxHS iXl6xvUCg5T8WUwfUk8OvgDcBErK/blDAMXQzSg3sp450JhR8RnXHXF5Zz2T04X7HnlIVJGw f2CjnwyEAJCqMzaCmI+g3Imvg/8L4nyBFvhlFHDv+kIvMiujyycjPAu7xxKplBs1/IEwmDoA MjneFmawvfeQnwdMhSKK8PjKSuzGU5uUmxj3GBfRqvTM0qpmhMPFOmDhJSmH55HLAky2Mlmq JYXJPt/9EfSEhFiua1M6gLiuNEuPkp+8jcnHQqKr0IeHt8UqcwLt2mGfIyl0FVdF9hvWPjNR zGbgqoT1Di03RQ==
In-Reply-To: <CAL0qLwbueeYOCQSgapa6yx1DzbXLYXuNUMzUvH3m1X-LzaNNxA@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------xKrPjpeGHTR2Uc60g3TuIcFl"
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/YTrzk0l3vq8JRZnNyKYkHZG35tc>
Subject: Re: [kitten] Murray Kucherawy's No Objection on draft-ietf-kitten-krb-spake-preauth-11: (with COMMENT)
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Jan 2024 08:24:49 -0000

Hi Murray,

I apologize for the late comments.  I agree with your concerns. I would 
add four points:

 1. Given the discussion about the nature of Internet Drafts are taking
    place on a mailing list that anyone can join
    (no-draft-expiry@ietf.org), this working group should neither
    redefine IANA policy nor the nature of I-Ds.
 2. The ISE is *sometimes *available for this purpose, but not a
    guaranteed documentation path.  An RFC is generally a heavy lift no
    matter the path (which I think is in part the motivation for the
    text), and RFC 8126 makes clear it shouldn't be the only path.  What
    is needed is a stable reference.
 3. Anyone can create a git repo and establish a stable reference that
    should be suitable for IANA.  IMHO that should be preferred over
    encouraging a reference to something that has "draft" right in its name.
 4. Confusion over IANA policy can be introduced if a draft is updated
    and the semantics are changed without any in-path signaling of such,
    leading to interoperability risks.

Therefore, I would suggest to the IESG that the discussion about 
Internet-Drafts be removed from this draft prior to publication.

Eliot

On 20.01.2024 07:39, Murray S. Kucherawy wrote:
> On Thu, Jan 18, 2024 at 9:05 PM Nico Williams <nico@cryptonector.com> 
> wrote:
>
>     I-Ds expire, yes, but they are not deleted, neither from the Internet
>     nor from the IETF I-D archive.  I-Ds are versioned, and each
>     version is
>     "stable".  I believe an I-D counts as "specification exists" under RFC
>     2434.
>
>
> RFC 2434 was obsoleted a long time ago, as was its successor.  RFC 
> 8126 is current.
>
> If I'm an implementer following a link from an IANA registration to an 
> I-D, but then there's a big colorful warning that the I-D is expired, 
> wouldn't it be reasonable for me to believe that the registration, the 
> document, or both are no longer valid?  This seems really strange to 
> me.  I would expect to find a link to something current.
>
> Should we deregister something if it references an I-D that expires?  
> Or maybe it should seek publication via the ISE instead if the WG 
> drops it?  Or something?
>
>     Many Internet protocols require IANA registry allocations prior to RFC
>     publication for good reasons:
>
>      - publishing an RFC just to obtain an allocation for a
>     work-in-progress
>        is impractical
>
>      - not having allocations prior to publication greatly complicates
>        testing and soaking
>
>      - private use namespaces do work, but then when upon publication
>        _different_ allocations are obtained there then arises an upgrade
>        problem in the field that may not be trivial to manage
>
>
> There's another practice I've seen commonly used: Allow registrations 
> to be "provisional", which are First Come First Served so it's trivial 
> to get an experimental code point or reserve one, and then allow them 
> to become "permanent" with Specification Required or similar.  Would 
> that work here?
>
>     It's not just Kerberos, but TLS and others, that have used I-Ds as
>     "specifications".
>
>
> This isn't making me feel better.  :-)
>
>     Often what we want is just Expert Review, and sometimes we want both
>     Expert Review _and_ Specification Exists.
>
>
> Check out Section 4.6 of RFC 8126.  "Specification Required" includes 
> a designated expert.
>
>     RFC 2434 doesn't limit
>     allocation policies to the ones it lists, as it terms them "example
>     policies, some of which are in use today", but this registry currently
>     requires only Expert Review.  I believe Expert Review is
>     appropriate for
>     this registry.
>
>
> I don't think I'm disputing the registration policy you've chosen.  
> I'm disputing whether we should consider an I-D to be "stable".
>
> -MSK
>
> _______________________________________________
> Kitten mailing list
> Kitten@ietf.org
> https://www.ietf.org/mailman/listinfo/kitten

v2.23.0 | Report a Bug | By Email