IETF Logo Mail Archive

Re: [kitten] Murray Kucherawy's No Objection on draft-ietf-kitten-krb-spake-preauth-11: (with COMMENT)

"Murray S. Kucherawy" <superuser@gmail.com> Sat, 20 January 2024 06:39 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2320C14F71A; Fri, 19 Jan 2024 22:39:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id umbvhUthMhdF; Fri, 19 Jan 2024 22:39:46 -0800 (PST)
Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E2CBC14F70F; Fri, 19 Jan 2024 22:39:46 -0800 (PST)
Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-a2e633c5365so36598366b.1; Fri, 19 Jan 2024 22:39:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705732784; x=1706337584; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=1Gcec4FjjXYf0VGO7iOQmOHTwM2TGCdfT9ujGQCFnlc=; b=UipZMr7vdoP2YlmL40axuf/nJ+Msc7MRGtRmECUBbUCLRweWVDar6cnUe1FLMdMy0P j6O990Dp2uXalMXoYINAp43g2QqnPZ/KGG4/5zSogcI/tl7asXHz2S9qftFwZHsKiBRI bh8nXqJ58TlGCfzlEruP7KS4ma/Nh9jNkvqM+iaakRlfX1ny9xUP5dVZdTJEhA8l2tmR 6xcyr1guVeGcPf2wHBJ1FTEBHntgudOQ0rd7VWBxQwMuafOrmKLSGJTerHM29wp0MtGu UntLKLpwMRcz4wa1iPfn1OvYWEfw8upmcdpbLkRIs0In/t1WgpBN0GANznvK06JGs8cR QOxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705732784; x=1706337584; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=1Gcec4FjjXYf0VGO7iOQmOHTwM2TGCdfT9ujGQCFnlc=; b=MPiGDzuNiK6ooY80T9uJZUgfNh2clpZVph7C/aOZQ2H3M00cOqJJEt7PdKlRM9ENrx 9z5WvaFBdXmkXvc/djpLwI24Fw6L4na/I6qKYj1AQzPDUx5KxzFF3dsV7hkb8QJYUywr Z3dAn/Z/8r1WRZE+yQilN/HbkU2yM0I7Y0LvpLFfewLkgv5IHugw/9xAtm3GgGhDXDLh IUviu7FAkuO8WL5GBIzfH/4IQVSCfNNuk1rnm9L2+NMZeXGr+JKsCKVtveEigftYixSN hh3lKWKA4XTjAltLwm78PG9qquEFhOXnxAx+OuPwpo6flKi9/6GJrcSCH68REd7kVu7h DtJQ==
X-Gm-Message-State: AOJu0YyoBzt5iQVigLhHQSXpQL4FfvO5mZaQq934nbdX4z5s8gzNeGiL YlO9rxrohiCc+eE29S4WfThEQbttEh00DeqUshTYSfHx5jxCvkC8JCWehrRz7vbE3u5D9GUwR1t HU7YOe48OFBqWazhPM22QGwRW73VL4Hf2Gi4=
X-Google-Smtp-Source: AGHT+IEI6PyOKRj2KwLzQpiNtgAfJGRDn5gWj0edHkb3qgtWJASrblwwXOopzmcMHODZ01Eu1LOJ8guk3wZrqsj9XGo=
X-Received: by 2002:a17:906:48c3:b0:a2e:5c09:e367 with SMTP id d3-20020a17090648c300b00a2e5c09e367mr1066763ejt.6.1705732784152; Fri, 19 Jan 2024 22:39:44 -0800 (PST)
MIME-Version: 1.0
References: <170559100930.21281.8142882686300667918@ietfa.amsl.com> <d5d9e798-c6c1-4f15-a1f2-4e08580a70c4@mit.edu> <CAL0qLwZUOepsqoGY+kb5tB8CBc=EOYAtoSXk35XAMD4LF5Hw8w@mail.gmail.com> <ZaoDKjMhV3g1w4pp@ubby>
In-Reply-To: <ZaoDKjMhV3g1w4pp@ubby>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Fri, 19 Jan 2024 22:39:32 -0800
Message-ID: <CAL0qLwbueeYOCQSgapa6yx1DzbXLYXuNUMzUvH3m1X-LzaNNxA@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: Greg Hudson <ghudson@mit.edu>, The IESG <iesg@ietf.org>, draft-ietf-kitten-krb-spake-preauth@ietf.org, kitten-chairs@ietf.org, kitten@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ae6511060f5adc2b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/s-vtI2P8zUibJmj_r4wwGLTn6IE>
Subject: Re: [kitten] Murray Kucherawy's No Objection on draft-ietf-kitten-krb-spake-preauth-11: (with COMMENT)
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Jan 2024 06:39:47 -0000

On Thu, Jan 18, 2024 at 9:05 PM Nico Williams <nico@cryptonector.com> wrote:

> I-Ds expire, yes, but they are not deleted, neither from the Internet
> nor from the IETF I-D archive.  I-Ds are versioned, and each version is
> "stable".  I believe an I-D counts as "specification exists" under RFC
> 2434.
>

RFC 2434 was obsoleted a long time ago, as was its successor.  RFC 8126 is
current.

If I'm an implementer following a link from an IANA registration to an I-D,
but then there's a big colorful warning that the I-D is expired, wouldn't
it be reasonable for me to believe that the registration, the document, or
both are no longer valid?  This seems really strange to me.  I would expect
to find a link to something current.

Should we deregister something if it references an I-D that expires?  Or
maybe it should seek publication via the ISE instead if the WG drops it?
Or something?

Many Internet protocols require IANA registry allocations prior to RFC
> publication for good reasons:
>
>  - publishing an RFC just to obtain an allocation for a work-in-progress
>    is impractical
>
>  - not having allocations prior to publication greatly complicates
>    testing and soaking
>
>  - private use namespaces do work, but then when upon publication
>    _different_ allocations are obtained there then arises an upgrade
>    problem in the field that may not be trivial to manage
>

There's another practice I've seen commonly used: Allow registrations to be
"provisional", which are First Come First Served so it's trivial to get an
experimental code point or reserve one, and then allow them to become
"permanent" with Specification Required or similar.  Would that work here?


> It's not just Kerberos, but TLS and others, that have used I-Ds as
> "specifications".
>

This isn't making me feel better.  :-)

Often what we want is just Expert Review, and sometimes we want both
> Expert Review _and_ Specification Exists.


Check out Section 4.6 of RFC 8126.  "Specification Required" includes a
designated expert.


> RFC 2434 doesn't limit
> allocation policies to the ones it lists, as it terms them "example
> policies, some of which are in use today", but this registry currently
> requires only Expert Review.  I believe Expert Review is appropriate for
> this registry.
>

I don't think I'm disputing the registration policy you've chosen.  I'm
disputing whether we should consider an I-D to be "stable".

-MSK

v2.23.0 | Report a Bug | By Email