[kitten] Register too long SASL mechs?

Simon Josefsson <simon@josefsson.org> Wed, 26 May 2021 13:49 UTC

From: Simon Josefsson <simon@josefsson.org>
To: kitten@ietf.org
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
Date: Wed, 26 May 2021 15:48:53 +0200
Message-ID: <87im35a9mi.fsf@latte.josefsson.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/jYbOpMuza3ET0Z-UfQRGmMJNXuI>
Subject: [kitten] Register too long SASL mechs?
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>

Hi!  There is a request to register the ECDH-X25519-CHALLENGE and
ECDSA-NIST256P-CHALLENGE mechanism names in the IANA SASL registry.  The
policy is First Come First Serve, so there is no real requirement of a
standard or anything, however the names are longer than the 20 character
limit imposed by RFC 4422.  Supposedly these are already deployed and
have been used in the wild for a couple of years already.

Some references:
  https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml
  https://github.com/atheme/atheme/blob/master/modules/saslserv/ecdh-x25519-challenge.c
  https://github.com/kaniini/ecdsatool#mechanism-spec

As far as I can see, we have some options:

1) Just let IANA register these names even if they are non-compliant.

2) Don't formally register them but mention them on the IANA page to
avoid any interop problems and allow people to find out what these
are.

3) Refuse registration since they are non-compliant.

I prefer 2) but could live with 1) as well.  I don't think it is in the
best interest of anybody that registration is refused on technicalities.
Maybe this post is sufficient to make relevant parties aware of what is
happening, and IANA can continue with 1).

Thoughts?

Pursuing standardization, or publishing a stable specification, of the
mechanisms is orthogonal to registration, but would be useful.

/Simon
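The 20-character limit the post refers to comes from the mechanism-name grammar in RFC 4422 section 3.1 (`sasl-mech = 1*20mech-char`, where `mech-char` is an uppercase ASCII letter, digit, hyphen or underscore). The checker below is an added example, not code from the post or from the atheme/ecdsatool projects; it applies that grammar to the two names under discussion alongside some registered ones. The `truncate_to_limit` helper is an assumption for illustration: it shows what a peer that stores names in a fixed 20-byte field would see, which is the interop concern behind option 2), not behaviour the post attributes to any implementation.

```python
"""Check SASL mechanism names against RFC 4422 section 3.1.

ABNF from the RFC:
    sasl-mech = 1*20mech-char
    mech-char = UPPER-ALPHA / DIGIT / HYPHEN / UNDERSCORE
"""
from __future__ import annotations

import string

RFC4422_MAX_LEN = 20
MECH_CHARS = frozenset(string.ascii_uppercase + string.digits + "-_")


def check_sasl_mech_name(name: str) -> list[str]:
    """Return the list of RFC 4422 violations for `name` (empty means compliant)."""
    problems: list[str] = []
    if not name:
        problems.append("empty name (minimum length is 1)")
    if len(name) > RFC4422_MAX_LEN:
        problems.append(f"length {len(name)} exceeds {RFC4422_MAX_LEN}")
    bad = sorted({c for c in name if c not in MECH_CHARS})
    if bad:
        problems.append("disallowed characters: " + ", ".join(repr(c) for c in bad))
    return problems


def is_rfc4422_compliant(name: str) -> bool:
    return not check_sasl_mech_name(name)


def truncate_to_limit(name: str) -> str:
    """Assumed behaviour of a strict peer with a fixed 20-byte name field:
    it keeps the first 20 characters and silently drops the rest."""
    return name[:RFC4422_MAX_LEN]


def audit(names: list[str]) -> dict[str, tuple[bool, list[str], str]]:
    """Map each name to (compliant?, problems, name as a truncating peer sees it)."""
    return {
        n: (is_rfc4422_compliant(n), check_sasl_mech_name(n), truncate_to_limit(n))
        for n in names
    }


# Constructed sample: a few registered names plus the two names from the thread
# and one lowercase spelling to show the character-set check.
SAMPLE = [
    "PLAIN",
    "SCRAM-SHA-256-PLUS",
    "GS2-KRB5",
    "ECDH-X25519-CHALLENGE",
    "ECDSA-NIST256P-CHALLENGE",
    "scram-sha-1",
]

if __name__ == "__main__":
    for name, (ok, problems, seen) in audit(SAMPLE).items():
        status = "OK " if ok else "BAD"
        print(f"{status} {name!r:28} len={len(name):2d} "
              f"truncating-peer-sees={seen!r} {'; '.join(problems)}")
```

Running it flags ECDH-X25519-CHALLENGE (21 characters) and ECDSA-NIST256P-CHALLENGE (24 characters) on length only; their character set is fine. A peer that truncates rather than rejects would advertise or match "ECDH-X25519-CHALLENG" and "ECDSA-NIST256P-CHALL", which is the kind of silent mismatch a registry note would help implementers anticipate.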