Re: [saag] SSH & Ntruprime

Eric Rescorla <ekr@rtfm.com> Thu, 11 April 2024 21:23 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 11 Apr 2024 14:21:26 -0700
Message-ID: <CABcZeBMusG+kTBsQstVbzRudSS1tH11B4u2bOr7ZvE7GrpQ9jA@mail.gmail.com>
To: Michael StJohns <msj@nthpermutation.com>
Cc: Watson Ladd <watsonbladd@gmail.com>, Security Area Advisory Group <saag@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/MsMl5Rcbrwd4Ct3lZHMO_E3psyw>

On Thu, Apr 11, 2024 at 9:26 AM Michael StJohns <msj@nthpermutation.com>
wrote:

> On 4/10/2024 10:07 PM, Watson Ladd wrote:
>
> According to the datatracker, you were the document shepherd, but the shepherd report that Sean added to the tracker was done against the -03 draft (note the date of the report vs the post date of -04). The -04 draft was where the notes were added. None of the text in either the shepherd report or the last call announcement text mentioned that IDs were now acceptable for Specification Required references.
>
> Why do you think that this applies to anything other than the
> registries specifically named in the RFC?
> Sincerely,
> Watson
>
> Hi -
>
> Well context should have told you that the comment you snipped out was
> specific to RFC8447, but still let's assume for argument's sake that it
> wasn't completely clear:
>
> Not sure you read all of the thread, but a) 8447 refers to a specific set
> of registries and rewrote the meaning of "Specification Required" for those
> registries, b) EKR suggested that 8447 was enough of a precedent that this
> new meaning could be carried to other registries
>
To be clear, my argument is *not* that this meaning can simply be adopted
for other registries on the basis of RFC 8447. I agree that those registries
would require their own RFCs. RFC 8447 is relevant in that this has worked
well for TLS, not in that it empowers other experts to simply adopt that
definition for Specification Required.

It seems like your text below agrees with this analysis of the process (if
not the merits of 8447), but I thought I should make what I am saying clear.

-Ekr


> , c) I suggested that more work needs to be done before we give up on IDs
> as "draft documents" and "to cite them as other than 'work in progress'"
> and that RFC8447 was probably not vetted completely by the community for
> this change - however limited.
>
> So - sort of?   A well meaning participant could read 8447 and the related
> registries and go "Ooooh - shiny - I want to do that too!"  If that
> document were as innocuous and registry boilerplate, it's possible that
> could make it through all of the filters that 8447 made it through.  I'd
> prefer that not happen without actually changing the process and resolving
> what it actually means to cite an ID as a code point reference.
>
> So that's where we are.
>
> Or at least where I am.
>
> Mike
>
> (*sigh* too late to change the subject line - sorry should have been done
> a long while back).
>