IETF Logo Mail Archive

Re: [saag] SSH & Ntruprime

"Salz, Rich" <rsalz@akamai.com> Mon, 25 March 2024 17:05 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52B67C157937 for <saag@ietfa.amsl.com>; Mon, 25 Mar 2024 10:05:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BWcR-QJopYrA for <saag@ietfa.amsl.com>; Mon, 25 Mar 2024 10:05:28 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FC66C15199C for <saag@ietf.org>; Mon, 25 Mar 2024 10:04:34 -0700 (PDT)
Received: from pps.filterd (m0122331.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42PCZJU8021664; Mon, 25 Mar 2024 17:04:32 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h= from:to:cc:subject:date:message-id:references:in-reply-to :content-type:mime-version; s=jan2016.eng; bh=y7rirLy3w8Owj3JvDl Wbmc9QTN4gzn6HMATsdI1x2DE=; b=KbIcyWyZ04ezjYpXRBI17RCqYxan5r6OKE /fVoN0ewY1muEbGzwQJQ/+nVf/KN10wGYWFXQMS9P5Hhj0qIvDFw2rUCbIIjvFxu PNx15Xyfng7fu+1p8QAcMKdkzFItMYhr5LXVDq/eyQTZPrYLaOERE0l6UZXitmHt /O4tPx5/pvjFuCwZnM98iJkxCBLoPTUhZU1QnAASztLoDOgi+fAFik6GqwtouGC1 8L5ZXlYL7nsuqy001OqhBEncOqj2B6ZZFrwWcqdCNzI7YWppSQ9vwVp+rE2ZVKED n/ynmY2E3KuAAZqbeYqhFu3j6h2jVKjI6RQCYGvyjCelCwp5Gv7Q==
Received: from prod-mail-ppoint8 (a72-247-45-34.deploy.static.akamaitechnologies.com [72.247.45.34] (may be forged)) by mx0b-00190b01.pphosted.com (PPS) with ESMTPS id 3x1mu0fw3b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 25 Mar 2024 17:04:32 +0000 (GMT)
Received: from pps.filterd (prod-mail-ppoint8.akamai.com [127.0.0.1]) by prod-mail-ppoint8.akamai.com (8.17.1.19/8.17.1.19) with ESMTP id 42PEpYQv031218; Mon, 25 Mar 2024 13:04:31 -0400
Received: from email.msg.corp.akamai.com ([172.27.50.205]) by prod-mail-ppoint8.akamai.com (PPS) with ESMTPS id 3x1tdyag89-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 25 Mar 2024 13:04:31 -0400
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com (172.27.50.203) by ustx2ex-dag4mb6.msg.corp.akamai.com (172.27.50.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Mon, 25 Mar 2024 10:04:30 -0700
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) by ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) with mapi id 15.02.1258.028; Mon, 25 Mar 2024 10:04:30 -0700
From: "Salz, Rich" <rsalz@akamai.com>
To: Eric Rescorla <ekr@rtfm.com>, Orie Steele <orie@transmute.industries>
CC: saag <saag@ietf.org>
Thread-Topic: [saag] SSH & Ntruprime
Thread-Index: AQHafEytzfICQedvJ0iuZh0hh4HscrFEOcqAgAADCYCAAIeagIACcif0gABrCTSAAOTuAIAAa+IAgAAB/gCAAANqgIAAA5cAgAABaoCAAACRgIAAAnqAgAAO6ACAAArPgP//zRiA
Date: Mon, 25 Mar 2024 17:04:30 +0000
Message-ID: <976D3C37-F946-45D6-972E-4BC829BD3C7C@akamai.com>
References: <CABcZeBPWjXvLh06-DBO3Z0sfeb2hgzqzaSZ-J2-TZ7qesrSraA@mail.gmail.com> <D0CD341B-523B-48A0-8954-EE7F89113241@aiven.io> <AF7B6F32-9EE6-4810-A99A-833DEA917FA9@sonic.net> <CABcZeBPfXQckpZageogUxTYgX2j_Nr_O3bvf-a-x0S_82BHMxg@mail.gmail.com> <079A0AA3-FA02-440F-ABA0-6AF897570E86@sonic.net> <CABcZeBOxfYR+=61DV1XN0F9nrmbzLR2zq_ZvADw4UUy1uFafzw@mail.gmail.com> <8caa2d4d-bc80-4fcf-b8bc-839052371730@lear.ch> <CABcZeBMABJ89T0qY0-9C3xxd=mFfGyCh7_9GKbEUBm6JtR+_ng@mail.gmail.com> <6c491f5c-92da-4fb3-a8b1-da1de27b36a6@lear.ch> <CABcZeBN1w0QU6ug3LcMwC+hTMA_-iOs32FkZe+gpPuFrp1y+JA@mail.gmail.com> <64e81f68-5169-4469-b5a0-2851da912091@lear.ch> <CABcZeBOLKMJb5pw59J072FsfeMFcoz1eZYxa1qpXDLW0nAU0cg@mail.gmail.com> <7b4d38b8-b4c1-412b-8287-bd44d0c512a3@lear.ch> <CABcZeBOQYp49i_JjE7vdg6AjxwyvktW7LFTJ4Mh3jt0bmxxxDQ@mail.gmail.com> <CAN8C-_+QUpU2bTeSFmLB7v1qLirTXtypR2U7D54JeEaeKfSp+Q@mail.gmail.com> <CABcZeBNtE6PtEdmh-2rTC5y9U7yEL8JVNo1HMjZtOQw-DHjXQQ@mail.gmail.com>
In-Reply-To: <CABcZeBNtE6PtEdmh-2rTC5y9U7yEL8JVNo1HMjZtOQw-DHjXQQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.81.24012814
x-originating-ip: [172.27.118.139]
Content-Type: multipart/alternative; boundary="_000_976D3C37F94645D6972E4BC829BD3C7Cakamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-25_13,2024-03-21_02,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 spamscore=0 adultscore=0 suspectscore=0 mlxlogscore=723 phishscore=0 mlxscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2403210000 definitions=main-2403250095
X-Proofpoint-GUID: RIqb4IeJdpIrAtATFfLunCUDKRy705KW
X-Proofpoint-ORIG-GUID: RIqb4IeJdpIrAtATFfLunCUDKRy705KW
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-25_15,2024-03-21_02,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 impostorscore=0 bulkscore=0 spamscore=0 adultscore=0 priorityscore=1501 malwarescore=0 mlxscore=0 mlxlogscore=626 clxscore=1011 suspectscore=0 lowpriorityscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2403210001 definitions=main-2403250097
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/TCmVnJJj97P4VN663wWApNv0GzQ>
Subject: Re: [saag] SSH & Ntruprime
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2024 17:05:32 -0000

A half-dozen emails came in while I was writing this and providing examples for it, so some of this will be repetitive, sorry.


  *   Fortunately, we have a natural experiment here, because RFC 8446 explicitly allows the registration of TLS code points based on I-Ds, so in five years I guess we can see how that worked.

8446 was published in August 2018, so we’re closing in on the first five years of registry action.

Allowing registry entries to point to a stable document source, rather than requiring an RFC, was an unequivocably good thing. (I’m one of the three TLS registry designated experts.) Look at the ALPN IDs[1] and notice the several entries that are not RFCs. Assume that most of those people would not go through the RFC process; would the Internet be better off if those registries did not exist? Same question for the Broadband form entry in exporter labels[2].  Same question for the ISO identity-based encryption signature schemes. Our job is to make the Internet work better, and those registry entries help that.

As for whether an Internet-Draft is acceptable, the IETF community decided some time ago that drafts do not get deleted, so they meet the requirements. This is also a good thing for several reasons. For example, several of the examples I quoted above would not come to the IETF if they had to write an RFC. Even if they do come, things change – SPDY becoming QUIC for example – so should we not register SPDY? Also, not every individual or organization has the wherewithal to have long-lasting links to documentation, and in many cases the IETF would probably prefer those things be kept as an IETF resource.


[1] https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
[2] https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels
[3] https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme

v2.23.0 | Report a Bug | By Email