Re: [kitten] Comments on draft-ietf-kitten-password-storage-00

Sam Whited <sam@samwhited.com> Wed, 04 November 2020 20:48 UTC

Date: Wed, 04 Nov 2020 15:47:53 -0500
From: Sam Whited <sam@samwhited.com>
To: Ludovic BOCQUET <lbxmpp@live.com>, Alexey Melnikov <alexey.melnikov@isode.com>, Robbie Harwood <rharwood@redhat.com>, Jim Fenton <fenton@bluepopcorn.net>, KITTEN Working Group <kitten@ietf.org>
Cc: "draft-ietf-kitten-password-storage@ietf.org" <draft-ietf-kitten-password-storage@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/ckmf-OTEJVzJx67QgI15RHEk9jQ>

Following up on this after our conversation out-of-band since I
apparently misunderstood this sentence:

On Wed, Nov 4, 2020, at 13:03, Ludovic BOCQUET wrote:
> Note: The final "draft-ietf-kitten-password-storage" must be validated
> like an RFC after the next two I-Ds, it is really important.

I appreciate your confidence and desire to see this published as an RFC,
but I don't think we can set such an aggressive timeline on it.

I'll be the first to complain about working with the IETF's obtuse
process (someone was kind enough to sit me down and walk me through the
whole thing on video chat and I still have no idea how any of it works
or what my role as an author is, the tools are impossible to use, the
format is impossible to write, etc.), but picking an arbitrary number of
drafts before advancing a document with a lot of subtle bits that need
expert review doesn't seem like a good idea to me.

Sorry, I'd love to see it advance too, but I'm not sure it's ready
quite yet. We have plenty of time to see what happens with the other
SCRAM I-D first. If one document or the other looks like it's ready to
advance, we can reevaluate this position before doing so. Don't worry,
if the new SCRAM mechanisms look like they're going to work out, we'll
get them in there!

Although I haven't heard many other opinions; if waiting on linking the
other SCRAM I-Ds seems too conservative I'd love to be told I'm wrong by
more seasoned IETF folks.

Thanks,
Sam