Re: [kitten] [Ext] Murray Kucherawy's No Objection on draft-ietf-kitten-krb-spake-preauth-11: (with COMMENT)
Amanda Baber <amanda.baber@iana.org> Thu, 18 January 2024 18:09 UTC
Return-Path: <amanda.baber@iana.org>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B5F7C14F6F7; Thu, 18 Jan 2024 10:09:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vODP7diBN8hw; Thu, 18 Jan 2024 10:09:43 -0800 (PST)
Received: from ppa3.lax.icann.org (ppa3.lax.icann.org [192.0.33.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE7B9C14F61A; Thu, 18 Jan 2024 10:09:43 -0800 (PST)
Received: from MBX112-W2-CO-1.pexch112.icann.org (out.mail.icann.org [64.78.33.5]) by ppa3.lax.icann.org (8.17.1.24/8.17.1.24) with ESMTPS id 40II9eXo032001 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 18 Jan 2024 18:09:40 GMT
Received: from MBX112-W2-CO-2.pexch112.icann.org (10.226.41.130) by MBX112-W2-CO-1.pexch112.icann.org (10.226.41.128) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Thu, 18 Jan 2024 10:09:39 -0800
Received: from MBX112-W2-CO-2.pexch112.icann.org ([10.226.41.130]) by MBX112-W2-CO-2.pexch112.icann.org ([10.226.41.130]) with mapi id 15.02.1258.028; Thu, 18 Jan 2024 10:09:39 -0800
From: Amanda Baber <amanda.baber@iana.org>
To: Murray Kucherawy <superuser@gmail.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-kitten-krb-spake-preauth@ietf.org" <draft-ietf-kitten-krb-spake-preauth@ietf.org>, "kitten-chairs@ietf.org" <kitten-chairs@ietf.org>, "kitten@ietf.org" <kitten@ietf.org>, Nicolas Williams <nico@cryptonector.com>
Thread-Topic: [Ext] Murray Kucherawy's No Objection on draft-ietf-kitten-krb-spake-preauth-11: (with COMMENT)
Thread-Index: AQHaSiFkxhN/NASFY02+GbHWKm/wi7Df3rEA
Date: Thu, 18 Jan 2024 18:09:39 +0000
Message-ID: <B5D48BB3-F2B3-4A0B-B45C-B07C8A1AEFC1@iana.org>
References: <170559100930.21281.8142882686300667918@ietfa.amsl.com>
In-Reply-To: <170559100930.21281.8142882686300667918@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.63.22070801
x-originating-ip: [192.0.32.234]
x-source-routing-agent: True
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3788417371_253233133"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-18_08,2024-01-17_01,2023-05-22_02
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/nKpKSY9Lo9gL2rTju1xDqGFwbCo>
Subject: Re: [kitten] [Ext] Murray Kucherawy's No Objection on draft-ietf-kitten-krb-spake-preauth-11: (with COMMENT)
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jan 2024 18:09:47 -0000
Hi Murray, About this question: "In Section 12, we're telling the Designated Experts that an I-D counts as a specification, even if it is never published as an RFC. But an I-D can expire. Are we OK with having an IANA registry with an entry that claims as its authoritative specification an expired I-D?" I just want to note that this isn't without precedent. RFC 8447, for example, had us add notes that specifically state "It is sufficient to have an Internet-Draft (that is posted and never published as an RFC) or a document from another standards body, industry consortium, university site, etc." to TLS registries that use the Specification Required registry. Otherwise, in the absence of registry-specific instructions, it's been left up to experts. Many of them don't accept I-Ds, but the experts for the https://www.iana.org/assignments/smi-numbers registries, for example, generally do, depending on the document. Amanda On 1/18/24, 7:17 AM, "iesg on behalf of Murray Kucherawy via Datatracker" <iesg-bounces@ietf.org on behalf of noreply@ietf.org> wrote: Murray Kucherawy has entered the following ballot position for draft-ietf-kitten-krb-spake-preauth-11: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://urldefense.com/v3/__https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/__;!!PtGJab4!9QSe7V_EPNdzZYIcKy8Q2tXMvA81tTtRojwyDancKu8Sx1shB0IG3euGWk5ZtO4CLNynzSYB1Y5r2kXbnEDZExU$ [ietf[.]org] for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-kitten-krb-spake-preauth/__;!!PtGJab4!9QSe7V_EPNdzZYIcKy8Q2tXMvA81tTtRojwyDancKu8Sx1shB0IG3euGWk5ZtO4CLNynzSYB1Y5r2kXbTxjEu1A$ [datatracker[.]ietf[.]org] ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- In Section 12, we're telling the Designated Experts that an I-D counts as a specification, even if it is never published as an RFC. But an I-D can expire. Are we OK with having an IANA registry with an entry that claims as its authoritative specification an expired I-D? Section 12.2.2 appears to have four registrations all run together. Could we separate them somehow, either with line breaks or with subsections? Section 4.1: Why is this only a SHOULD? Is it OK if I do something different? Section 4.3: Same question. === Additional comments from incoming ART AD, Orie Steele: 9. Hint for Authentication Sets Why MAY and not SHOULD? Phrasing around MUST NOT and must only could be clearer, and is possibly the reason for the MAYs? 10.2 Unauthenticated Plaintext > Second factor types MUST account for this when specifying the semantics of the data field. It's not clear (to me) how to comply with this MUST, an example of citation might help. In 10.4 Several SHOULD's that maybe ought to be MUSTs? It would be nice to see clearer recommendations on achieving forward secrecy, and on rotating the cookie.
- [kitten] Murray Kucherawy's No Objection on draft… Murray Kucherawy via Datatracker
- Re: [kitten] [Ext] Murray Kucherawy's No Objectio… Amanda Baber
- Re: [kitten] Murray Kucherawy's No Objection on d… Greg Hudson
- Re: [kitten] Murray Kucherawy's No Objection on d… Nico Williams
- Re: [kitten] Murray Kucherawy's No Objection on d… Murray S. Kucherawy
- Re: [kitten] Murray Kucherawy's No Objection on d… Nico Williams
- Re: [kitten] Murray Kucherawy's No Objection on d… Eric Vyncke (evyncke)
- Re: [kitten] Murray Kucherawy's No Objection on d… Simo Sorce
- Re: [kitten] Murray Kucherawy's No Objection on d… Murray S. Kucherawy
- Re: [kitten] Murray Kucherawy's No Objection on d… Nico Williams
- Re: [kitten] Murray Kucherawy's No Objection on d… Russ Allbery
- Re: [kitten] Murray Kucherawy's No Objection on d… Murray S. Kucherawy
- Re: [kitten] Murray Kucherawy's No Objection on d… Stephen Farrell
- Re: [kitten] Murray Kucherawy's No Objection on d… Murray S. Kucherawy
- Re: [kitten] Murray Kucherawy's No Objection on d… Eliot Lear
- Re: [kitten] Murray Kucherawy's No Objection on d… Murray S. Kucherawy
- Re: [kitten] Murray Kucherawy's No Objection on d… Greg Hudson
- Re: [kitten] Murray Kucherawy's No Objection on d… Eliot Lear