IETF Logo Mail Archive

[saag] Re: New Version Notification for draft-rsalz-crypto-registries-00.txt

Simon Josefsson <simon@josefsson.org> Fri, 29 November 2024 09:21 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E63C9C180B52; Fri, 29 Nov 2024 01:21:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=josefsson.org header.b="9cBoNJor"; dkim=pass (2736-bit key) header.d=josefsson.org header.b="ICjn1yxC"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bdnq8QqREI8W; Fri, 29 Nov 2024 01:21:10 -0800 (PST)
Received: from uggla.sjd.se (uggla.sjd.se [IPv6:2001:9b1:8633::107]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FAFFC14CE40; Fri, 29 Nov 2024 01:21:09 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2303; h=Content-Type:MIME-Version:Message-ID:In-Reply-To :Date:References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding :Content-ID:Content-Description; bh=Txb6E1QXoGqInS3bfIl48gdAEro+ga9ApKKEK8Tj5wI=; t=1732872061; x=1734081661; b=9cBoNJorelBAnXuI1oSfd9yMMhO46YoX0oZ4f8BukWfxrwNvRXy02CM097vplytt2qakLp5Zwqo wmCxvAu7jDQ==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2303; h=Content-Type:MIME-Version:Message-ID: In-Reply-To:Date:References:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=Txb6E1QXoGqInS3bfIl48gdAEro+ga9ApKKEK8Tj5wI=; t=1732872061; x=1734081661; b=ICjn1yxCQF2gxzKwvrzXGipVTctsH2NK749ucfZadhMo4qWxBqo/w1cHcn84iYbja3QuzacTdF1 24kZP3sXvfi6c2ZVCoL1Lm91abRFYXZSgKIuLKPJ6WjBr7TnRHRkSeF3UaVPhR1WqUJOH0VKhi4En 0pm/7ApbN+u78sDLfROQ8zjUYwJyIFVAzKSymI9XovNC9yApioxnhwo0mkDjUzYz6ZWapeCuY31t8 OfPPToLInEbq2PLABWpuu+yu5sI9lU7xAW+DFjjwcEiPlL13q6X2rYr7b8Dl1hsGWHVUGlO4guyWc 1Hyr/lulK/2Xhto60+C5ov918bLZQb6zVL05AkI94Gw1PjAROgiJkh1WrG8+xPnXtD6485VMudvEC K1IKUj+yp/NE5uduqWmeRqa4Ns6DdqZQ55N/bV6JWZYL5XKi4MKABZxWo+zDl3ba4hcAVILry;
Received: from h-178-174-130-130.a498.priv.bahnhof.se ([178.174.130.130]:36342 helo=kaka) by uggla.sjd.se with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <simon@josefsson.org>) id 1tGxBD-007hGg-WA; Fri, 29 Nov 2024 09:20:52 +0000
From: Simon Josefsson <simon@josefsson.org>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
References: <BE95E617-C929-43BA-BB40-41E189A8158B@akamai.com> <87ldxl5zp9.fsf@kaka.sjd.se> <26424.40383.605711.370013@fireball.acr.fi> <71bcb4f8-e147-a6cb-3c67-b6daef61f309@mindrot.org> <26439.33533.129915.244853@fireball.acr.fi> <SY8P300MB0711C796AB6095C788556516EE292@SY8P300MB0711.AUSP300.PROD.OUTLOOK.COM> <15450.1732763286@obiwan.sandelman.ca> <3029EB03-6E7A-47CB-9682-F511CB51EE17@akamai.com> <10065.1732826193@obiwan.sandelman.ca> <CACsn0cmWVeFdJ3dzMj5SV4XpJF4rssULtfQ1moeefoq-Evhk=g@mail.gmail.com> <ME0P300MB07139853519716E114E54041EE2A2@ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM> <714ff50c-6bab-4501-a617-93748c339962@lear.ch> <SY8P300MB07117B1C3B47895A4E395A26EE2A2@SY8P300MB0711.AUSP300.PROD.OUTLOOK.COM>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
X-Hashcash: 1:23:241129:lear@lear.ch::48WzjEKEW6WtWmGe:2njb
X-Hashcash: 1:23:241129:pgut001@cs.auckland.ac.nz::XdXfuMIsXD1DHyLA:4Tn2
X-Hashcash: 1:23:241129:djm@mindrot.org::EBn+CcHVBgAo3GtV:82Wb
X-Hashcash: 1:23:241129:kivinen@iki.fi::rB81fXOA1Kv4qiQ0:7Xv9
X-Hashcash: 1:23:241129:saag@ietf.org::Yv1gfh8dlJOUOWyi:G8BR
X-Hashcash: 1:23:241129:rsalz=40akamai.com@dmarc.ietf.org::0SZUdYHh4I8/5Yjs:metd
X-Hashcash: 1:23:241129:mcr+ietf@sandelman.ca::tlxec+WWu1tIlS0W:WxWk
X-Hashcash: 1:23:241129:watsonbladd@gmail.com::eo8rp4PzyjqUFQay:09vbT
Date: Fri, 29 Nov 2024 10:21:04 +0100
In-Reply-To: <SY8P300MB07117B1C3B47895A4E395A26EE2A2@SY8P300MB0711.AUSP300.PROD.OUTLOOK.COM> (Peter Gutmann's message of "Fri, 29 Nov 2024 08:38:43 +0000")
Message-ID: <871pyuxunz.fsf@kaka.sjd.se>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Message-ID-Hash: GKG5TJBZWMDC77MG3YYRAAOZSJAB5UO7
X-Message-ID-Hash: GKG5TJBZWMDC77MG3YYRAAOZSJAB5UO7
X-MailFrom: simon@josefsson.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-saag.ietf.org-0; header-match-saag.ietf.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, Tero Kivinen <kivinen@iki.fi>, Damien Miller <djm@mindrot.org>, IETF SAAG <saag@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [saag] Re: New Version Notification for draft-rsalz-crypto-registries-00.txt
List-Id: Security Area Advisory Group <saag.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/bIERs57eoz_OEC4QfTY8ImJFkYw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Owner: <mailto:saag-owner@ietf.org>
List-Post: <mailto:saag@ietf.org>
List-Subscribe: <mailto:saag-join@ietf.org>
List-Unsubscribe: <mailto:saag-leave@ietf.org>

Peter Gutmann <pgut001@cs.auckland.ac.nz> writes:

> Eliot Lear writes:
>
>>Perhaps one of the best kept secrets we have is the independent submissions
>>stream, which provides exactly this path.  See
>>https://www.rfc-editor.org/about/independent/.
>
> I think that definitely needs to be publicised more, or perhaps people
> encouraged to use it more rather than creating de facto standards.  The last
> part of my comment was a subtle dig at someone elsewhere in the thread who
> said that we can't allow publication of stuff like the OpenSSH extensions
> because it implies endorsement by the IETF.  The point I was trying to make
> was that they're called Request for Comments for a reason, so when it's
> clearly marked as "Informational" hopefully no-one will mistake that as an
> IETF-endorsed standard of any kind.
>
> One question about the independent-submissions track, pretty much everything
> you can do in the IETF is already the domain of some standards group or other,
> so if someone submitted an independent submission would it end up being
> blocked with the justification being that it's an attempt to bypass the
> standards group?  For example if GPG published their private extensions to
> OpenPGP (to avoid picking on OpenSSH for a change :-) would it end up being
> blocked because it's not being done via the OpenPGP WG?

That is my impression -- the independent submission track has not been a
relevant venue because it is possible to block publications by setting
up a WG, or bring up a topic in some existing WG, to fillibuster things.

The argument seems to be that independent submissions are inappropriate
while ongoing discussions occur in the IETF, and as we know "ongoing
discussions" are easy to prolong indefinitely if you so desire.
Alternatively, invoke the rough consensus argument.  I recall that we
explored independent submission for PEAP, EdDSA and some CURVES-related
documents, with different outcomes.

https://www.rfc-editor.org/rfc/rfc5742.html#section-3

Perhaps we should try with LibrePGP?  There is an I-D on it, so here we
can't blame the authors for not bringing this work to the IETF.

https://datatracker.ietf.org/doc/html/draft-koch-librepgp-02
https://librepgp.org/updates.html

/Simon

v2.29.0 | Report a Bug | By Email | System Status