IETF Logo Mail Archive

[netmod] rfc8407bis IANA guidance (enums vs identities)

Kent Watsen <kent+ietf@watsen.net> Wed, 07 February 2024 17:28 UTC

Return-Path: <0100018d849d7a49-663e55c5-84f1-4f49-97a1-5024f124d468-000000@amazonses.watsen.net>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1249C14F699 for <netmod@ietfa.amsl.com>; Wed, 7 Feb 2024 09:28:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5ZMRqPazABas for <netmod@ietfa.amsl.com>; Wed, 7 Feb 2024 09:28:50 -0800 (PST)
Received: from a8-96.smtp-out.amazonses.com (a8-96.smtp-out.amazonses.com [54.240.8.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A80EEC14F601 for <netmod@ietf.org>; Wed, 7 Feb 2024 09:28:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1707326929; h=From:Content-Type:Mime-Version:Subject:Message-Id:Date:To:Feedback-ID; bh=g/9AnLaoYRQJMkIUt/wiuJ8FEjyq//rLzch3aaef0XM=; b=cfnWQN6M1LqtWY2X5M+V8r/jnySRblyllu3K09h40gFf4lSEBGU7h/FAnl9oH/62 Utcq8Nm//44CzikkUo3j9NH6Vq740v3WBpTpD9XP7PYqGvhl47UjKwhW3Eg03S7fP6b OjU8mXRNLB9Or00mH+avmfuWnQlmrKPgwgZ2dBPQ=
From: Kent Watsen <kent+ietf@watsen.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_FD3FF876-77BB-4C65-BD8E-96A1A3795994"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
Message-ID: <0100018d849d7a49-663e55c5-84f1-4f49-97a1-5024f124d468-000000@email.amazonses.com>
Date: Wed, 07 Feb 2024 17:28:49 +0000
To: "netmod@ietf.org" <netmod@ietf.org>
X-Mailer: Apple Mail (2.3731.600.7)
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2024.02.07-54.240.8.96
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/VZEicfG9EQ157q_o1JroTxMsr3Y>
Subject: [netmod] rfc8407bis IANA guidance (enums vs identities)
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2024 17:28:51 -0000

Authors, WG,

Following is a comment on Section 4.30.2.
https://datatracker.ietf.org/doc/html/draft-ietf-netmod-rfc8407bis-06#section-4.30.2

The text says:

====START====
An IANA-maintained module may use identities (e.g., [RFC8675]) or enumerations (e.g., [RFC9108]). The decision about which type to use is left to the module designers and should be made based upon specifics related to the intended use of the IANA-maintained module. For example, identities are useful if the registry entries are organized hierarchically, possibly including multiple inheritances. It is RECOMMENDED that the reasoning for the design choice is documented in the companion specification that registers an IANA-maintained module. For example, [RFC9244] defines an IANA-maintained module that uses enumerations for the following reason:

	 "The DOTS telemetry module (Section 10.1) uses "enumerations" rather
	 than "identities" to define units, samples, and intervals because
	 otherwise the namespace identifier "ietf-dots-telemetry" must be
	 included when a telemetry attribute is included (e.g., in a
	 mitigation efficacy update).  The use of "identities" is thus
	 suboptimal from a message compactness standpoint; one of the key
	 requirements for DOTS messages."
====STOP====

I’m wondering if the guidance here cannot be stronger but, first, let me explain how I got here…

The "ssh-client-server" and the "tls-client-server” drafts both register IANA-maintained modules for IANA-registries (for crypto algorithms).  All of these IANA-modules use *identities* (not enums).

As I’m in the process of updating the two drafts to follow this template, I’m struggling with the above quoted text.  The reason for the struggle is because I’m having a hard time justifying these draft’s current use of identities (yikes!)
  
The impetus for using identities in the first place was to enable new identities to be added by future modules (and nothing to do with multiple inheritances).   But when moving to the modules being IANA-maintained, it seems that we’re simultaneously saying that new values should NOT be definable any other way.  That is, IETF would NOT publish new algorithms via new RFCs, when IANA is already publishing said algorithms via revisions of the base-module).

Perhaps it is theoretically possible that "proprietary” algorithms could be used in private deployments, but such would not foster the interoperability that IETF seeks.

Thus I am wondering if the guidance in this section should be stronger.  Should it actually say something like “Enumerations SHOULD be used unless the multiple-inheritance property of identities is needed.”?

Thoughts?

Kent // contributor

v2.23.0 | Report a Bug | By Email