IETF Logo Mail Archive

Re: [kitten] Updating IANA krb5 GSSAPI token type registry

Jeffrey Hutzelman <jhutz@cmu.edu> Wed, 05 March 2014 14:59 UTC

Return-Path: <jhutz@cmu.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 175E21A0713 for <kitten@ietfa.amsl.com>; Wed, 5 Mar 2014 06:59:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.447
X-Spam-Level:
X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uqyqQ-84uJFs for <kitten@ietfa.amsl.com>; Wed, 5 Mar 2014 06:59:23 -0800 (PST)
Received: from smtp01.srv.cs.cmu.edu (smtp01.srv.cs.cmu.edu [128.2.217.200]) by ietfa.amsl.com (Postfix) with ESMTP id CB44C1A0527 for <kitten@ietf.org>; Wed, 5 Mar 2014 06:59:22 -0800 (PST)
Received: from [192.168.202.157] (pool-108-39-221-65.pitbpa.fios.verizon.net [108.39.221.65]) (authenticated bits=0) by smtp01.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id s25ExGCd003717 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 5 Mar 2014 09:59:17 -0500 (EST)
Message-ID: <1394031556.4290.53.camel@destiny.pc.cs.cmu.edu>
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Sam Hartman <hartmans-ietf@mit.edu>
Date: Wed, 05 Mar 2014 09:59:16 -0500
In-Reply-To: <tslzjl4ohbn.fsf@mit.edu>
References: <20130806223553.CD3401A8EC@ld9781.wdf.sap.corp> <29F4D66E-3E8F-4033-8779-8EA158C1B72A@padl.com> <alpine.GSO.1.10.1308062018070.24720@multics.mit.edu> <alpine.GSO.1.10.1309041148130.16692@multics.mit.edu> <alpine.GSO.1.10.1403041135510.1213@multics.mit.edu> <tslzjl4ohbn.fsf@mit.edu>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.8.4-0ubuntu1
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Scanned-By: mimedefang-cmuscs on 128.2.217.200
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/et5MINB24z8IbJlEVB9sm9BZ0I8
Cc: kitten@ietf.org, jhutz@cmu.edu
Subject: Re: [kitten] Updating IANA krb5 GSSAPI token type registry
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Mar 2014 14:59:26 -0000

On Wed, 2014-03-05 at 09:23 -0500, Sam Hartman wrote:
> >>>>> "Benjamin" == Benjamin Kaduk <kaduk@MIT.EDU> writes:
> 
> 
>     Benjamin> To me, this seems like a(nother) bug in RFC 7055, but of
>     Benjamin> course it is not one that can be reasonably fixed.  I
>     Benjamin> guess that the easiest way forward is to publish a quick
>     Benjamin> document that reserves 0405 and 0501 noting that they were
>     Benjamin> in use before the registry was established.
> 
> I do not support reserving the iakerb value in another document.
> The right solution there is to finish iakerb and get it published.

Agreed.  For better or worse, our process generally allocates values on
publication, not when a spec first appears that needs one.  The right
way to avoid conflicts here is for the iakerb document to say "TBA"
until a value is assigned by IANA, and to mention this in its IANA
considerations section.


> my preference is that the CFX context deletion token not be registered.
> I don't see any protocol issues that are likely to result if that code
> point were re-used.
> If the community disagrees, writing a document is the right way forward.

I think that depends on how mechanisms might get stacked and whether
there is deployed code that emits or reacts to that code point.  In
general, tokens used only during context establishment almost don't need
to be in a common namespace at all, except that it makes it less
complicated to update things when one mech builds on the context
establishment of another.  However, tokens which can appear after
context establishment require a little more care (but are also less
likely to appear or change outside of 4121 or its successors).

In this particular case, I don't feel like I'm in a position to develop
an opinion on whether the code points needs to be reserved, because I
don't know what the existing implementation does with it.


Here, we're talking about a code point used in a document which was in
progress and then abandoned or superseded before the registry was
created; thus, it never appeared in any published protocol
specification.  If we're concerned that use of such a code point might
cause interop problems, then having marked it as reserved in the initial
registry would have been a fine thing to do, and there is ample
precedent for that.  If it didn't, and we consider that an oversight,
then it seems to me that publication of a new IETF-reviewed RFC is a
rather heavyweight process to correct the oversight.


-- Jeff

v2.23.0 | Report a Bug | By Email