Re: [saag] SSH & Ntruprime
Orie Steele <orie@transmute.industries> Mon, 25 March 2024 15:28 UTC
Return-Path: <orie@transmute.industries>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC026C14F6B6 for <saag@ietfa.amsl.com>; Mon, 25 Mar 2024 08:28:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.086
X-Spam-Level:
X-Spam-Status: No, score=-7.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rtdOWm3Ubj1F for <saag@ietfa.amsl.com>; Mon, 25 Mar 2024 08:28:24 -0700 (PDT)
Received: from mail-pj1-x102b.google.com (mail-pj1-x102b.google.com [IPv6:2607:f8b0:4864:20::102b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55309C14CE44 for <saag@ietf.org>; Mon, 25 Mar 2024 08:28:13 -0700 (PDT)
Received: by mail-pj1-x102b.google.com with SMTP id 98e67ed59e1d1-29dfad24f36so2998206a91.0 for <saag@ietf.org>; Mon, 25 Mar 2024 08:28:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1711380492; x=1711985292; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=L5/93eDZf3SIQbrlYWGXCB9YHwtDxtredIfz4c2SdXQ=; b=jzGBFk3HKgn+v1/Eh4JPyLdJGZ8Nj63OC/MOhWy/VkD+jY6gEH8JhEUj9Ss8L6NOOY bx7EYwQkH1fe0UIcNKMGNsyiehOPSceis4nm88jgoZ3GaEyiUq6CPrMn8S7XDfJUNT6+ n2lcChFzMlNsXjTSpRFxtH8WJ2t7xuur2Ch/ULyi0JyH+pcc2OXSHI+OzmeoOxaqoB+q LwFZSKGhq0JTU6wbXGW8D4EKKqTaOVyOUJ0yKLIrVIBm2/EM30TroiyssJUJMAEvyq5S YBDuPqD9btoS0Fc+7iMGaz0C4XwBt80VSIiF6DXPX1p8HNWWXeJ2J9Slg24lVdPOmfl1 rBbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711380492; x=1711985292; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=L5/93eDZf3SIQbrlYWGXCB9YHwtDxtredIfz4c2SdXQ=; b=m8upeyRCz2VloCsPRqfuWMRHbnXXm0Yz4MVUKaphJB9CNork2yuw0WMegGlRHxxapE mVZAzS7OM+vIj55FUwbNMc+lgeotPA11iBbSIfq3yslW+LdLgMkSQ41doOdjB0BqM/rn rGMvMhcN3yC8CkX0YkD/e6Bv48R6xnldP/McWyEOW5o8Hz1gLdwSBq3IPP2CUb13cAQa pmvnLIX2fjJRklKlGfMzgxBXPotoEc5saB8sg+vuwrBrfWgGMPL0FbihUyosmqVDcZ+n ieG92VyDLl0IwLMpaJyjbqW0yDEuFpbMYmidYPKUwofZJ2BGSoPhTH4nT16AVm5e2qRQ DAVg==
X-Forwarded-Encrypted: i=1; AJvYcCVlazOYoJGvsqG8lifdmHU4sghUdHJ5oSXz/LKjxWKkEoD/100d5TgyLcikyVj5Gd1pyGc4uIkNZ5gzlQJp
X-Gm-Message-State: AOJu0YxettUuBp63ptJax6IZ69hT6Ed3RuH6x6u+rl1oOFo1cENDdHLS vhluZrbdnc2NXamKBr0LFUjcRvOAf8OaNSPHrTn0huXDC1oTVYMWs8BQqMjCvoWlNuYxtyDryfa bbynZsECPnFktFBy/igLs5imUalOCMcsD2sEYJ7vSSBcjImSY2Rw=
X-Google-Smtp-Source: AGHT+IGMBgBqUTzgx3Nh/o5b3rkrg9ZbS3BQXAkNW44Asm7ztjNU5YsjSGUbXzU8eJkE9x0qG8lm23AEJLVDLuJZczY=
X-Received: by 2002:a17:90a:bd0c:b0:29c:74a4:72b3 with SMTP id y12-20020a17090abd0c00b0029c74a472b3mr5213165pjr.8.1711380492014; Mon, 25 Mar 2024 08:28:12 -0700 (PDT)
MIME-Version: 1.0
References: <CABcZeBPWjXvLh06-DBO3Z0sfeb2hgzqzaSZ-J2-TZ7qesrSraA@mail.gmail.com> <D0CD341B-523B-48A0-8954-EE7F89113241@aiven.io> <AF7B6F32-9EE6-4810-A99A-833DEA917FA9@sonic.net> <CABcZeBPfXQckpZageogUxTYgX2j_Nr_O3bvf-a-x0S_82BHMxg@mail.gmail.com> <079A0AA3-FA02-440F-ABA0-6AF897570E86@sonic.net> <CABcZeBOxfYR+=61DV1XN0F9nrmbzLR2zq_ZvADw4UUy1uFafzw@mail.gmail.com> <8caa2d4d-bc80-4fcf-b8bc-839052371730@lear.ch> <CABcZeBMABJ89T0qY0-9C3xxd=mFfGyCh7_9GKbEUBm6JtR+_ng@mail.gmail.com> <6c491f5c-92da-4fb3-a8b1-da1de27b36a6@lear.ch> <CABcZeBN1w0QU6ug3LcMwC+hTMA_-iOs32FkZe+gpPuFrp1y+JA@mail.gmail.com> <64e81f68-5169-4469-b5a0-2851da912091@lear.ch> <CABcZeBOLKMJb5pw59J072FsfeMFcoz1eZYxa1qpXDLW0nAU0cg@mail.gmail.com> <7b4d38b8-b4c1-412b-8287-bd44d0c512a3@lear.ch> <CABcZeBOQYp49i_JjE7vdg6AjxwyvktW7LFTJ4Mh3jt0bmxxxDQ@mail.gmail.com>
In-Reply-To: <CABcZeBOQYp49i_JjE7vdg6AjxwyvktW7LFTJ4Mh3jt0bmxxxDQ@mail.gmail.com>
From: Orie Steele <orie@transmute.industries>
Date: Mon, 25 Mar 2024 08:28:00 -0700
Message-ID: <CAN8C-_+QUpU2bTeSFmLB7v1qLirTXtypR2U7D54JeEaeKfSp+Q@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Eliot Lear <lear@lear.ch>, saag <saag@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004d79b906147dd272"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/U9T3gsYJkgAWManBhevbKSxca0Y>
Subject: Re: [saag] SSH & Ntruprime
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2024 15:28:28 -0000
> Internet-Drafts (often referred to simply as "drafts") have no formal status, and are subject to change or removal at any time; therefore they should not be cited or quoted in any formal document. https://www.ietf.org/how/ids/ Sure a specific version won't change, but we have no assurance that newer versions won't be intentionally crippled by authors, and no assurance that implementers won't assume the latest version isn't the correct one to implement... (developers are conditioned to believe that the latest version addresses security issues). - https://snyk.io/blog/open-source-npm-packages-colors-faker/ - leftpad... etc... If the draft is later updated to cripple implementations, it will be the IETF, not the authors that will be blamed for the resulting damage. In the long term, this will harm the reputation of the IETF, and I doubt we will convince developers it's the authors fault, since we are the ones hosting their drafts. OS On Mon, Mar 25, 2024 at 7:36 AM Eric Rescorla <ekr@rtfm.com> wrote: > > > On Mon, Mar 25, 2024 at 7:25 AM Eliot Lear <lear@lear.ch> wrote: > >> Eric, >> >> On 25.03.2024 15:23, Eric Rescorla wrote: >> > Why does it make sense to require some third party to host a spec with >> > unclear stability properties when we already have a way of hosting >> > with clear stability properties? >> >> I'm not requiring anything, but you and I are disagreeing about the >> stability properties of drafts. >> > > I'm not sure what you think that disagreement is about, as those > properties are quite clear: > > 1. Any individual draft version doesn't change. > 2. Whether subsequent versions are issued or are different is up to the > authors, but it's visible when it happens because the version increments. > > The properties of a document hosted on someone's web site are that it can > be changed at any time and those changes may or may not be visible. Why do > you think this is more stable? > > -Ekr > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
- [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Harry Halpin
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Jan-Frederik Rieckers
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Melinda Shore
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime S Moonesamy
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Ira McDonald
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime Christian Huitema
- Re: [saag] SSH & Ntruprime Russ Housley
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime Mark Baushke (ietf)
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime S Moonesamy
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Watson Ladd
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime StJohns, Michael
- Re: [saag] SSH & Ntruprime Watson Ladd
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Watson Ladd
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime S Moonesamy
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Deb Cooley
- Re: [saag] SSH & Ntruprime Christian Huitema
- Re: [saag] SSH & Ntruprime Simon Josefsson