Re: [saag] SSH & Ntruprime
Michael StJohns <msj@nthpermutation.com> Mon, 25 March 2024 17:40 UTC
Return-Path: <msj@nthpermutation.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3769DC15198B for <saag@ietfa.amsl.com>; Mon, 25 Mar 2024 10:40:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.883
X-Spam-Level:
X-Spam-Status: No, score=-1.883 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nthpermutation-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XX92gNTrZ-1s for <saag@ietfa.amsl.com>; Mon, 25 Mar 2024 10:40:25 -0700 (PDT)
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EBE4C1519B8 for <saag@ietf.org>; Mon, 25 Mar 2024 10:40:19 -0700 (PDT)
Received: by mail-qt1-x82c.google.com with SMTP id d75a77b69052e-430b870163eso52778791cf.1 for <saag@ietf.org>; Mon, 25 Mar 2024 10:40:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nthpermutation-com.20230601.gappssmtp.com; s=20230601; t=1711388418; x=1711993218; darn=ietf.org; h=in-reply-to:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=P4hiQ89mUu+TKWshAQzb7xu7zE53cVIfDRvqQAcnB7k=; b=uLIHrCIbQNcde7OZFk+VkHBuuBkBN0FejEwdmky9WQ7gcg5AQ4zz/YWt1KTSachnfj WHxCnZlyqzlOPAz0NheCpJJOwq11YPbaSI7xekHuYgM1BMssEfrYvVpAgXKSsnw5sYVo gtZ9EWMHBTH4tqGcDG928/Gl5r+D2uDIn0bOFbJqPgxOJEUkhxIzD/ZWO9pmYuhhCK9V 0vgLeNSSpQEUahwPfBk1N+/kHG40kt0deQHRtFloD6ykXnW/7XqUPr8PmC1UyYOnhsa7 vIWlYg0FS1ot2ys5zPh5FOgjJR/CbUE795wazZx9RpRfd6CbsR7kO2+K01ynPctDIyfX 1YFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711388418; x=1711993218; h=in-reply-to:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=P4hiQ89mUu+TKWshAQzb7xu7zE53cVIfDRvqQAcnB7k=; b=fHhlqhOzLtrqN864mG5R/hwd0kbf60DzibOU6WR46EhhqGJ2+UvV8v0L49ShOneUF/ a2bJK2uvhnfQ2Ep5Su+c91YMjqMkR1dWUIwueCtytkxyaSwH+xf0rnTYISF7LlKvzmnp Mf9rxb07KesKjhFp6yw1khKXmpy0g+ym2eKUHLwNGCGWuMg+S05ljgDX1DF51Srlgnue 2FhSeWAAk+m1OpxjcD4ib1F7IJdTziR7r6eVZHivGBI4Zs6DruheFbZiNpbzWKiIzZTo 465ryS2qHNr/MNCn4lgoUsTd/5i2PqRA0rH2CX7XSiBaZjH2Ivx3gouB/2ZlvMpyg1Ev QHgw==
X-Gm-Message-State: AOJu0Yy1b2hHNyYlAYBc+Jih92qXl5NQFXSXAPIVeQpqbQqDsR02RT4r UKXe5DVaYSUAxc/rd6bXhHH0vjSheT2WEtwPMKa8bcxL08WOIqdp4VZlCe40dow=
X-Google-Smtp-Source: AGHT+IF/OQHN4RpzGm/6C7XCD6tsp7W/pRKQ1FiJrJpG2WU7pKKewWl6n0KYAcinyuWSf1aTojXN+A==
X-Received: by 2002:a05:6214:2249:b0:691:15c4:7983 with SMTP id c9-20020a056214224900b0069115c47983mr12880978qvc.0.1711388418179; Mon, 25 Mar 2024 10:40:18 -0700 (PDT)
Received: from [192.168.1.23] (pool-108-31-156-76.washdc.fios.verizon.net. [108.31.156.76]) by smtp.gmail.com with ESMTPSA id gf15-20020a056214250f00b006912014b98dsm4283476qvb.129.2024.03.25.10.40.17 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 25 Mar 2024 10:40:17 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------NBTpuqoz0Z3UOqQGxT4H9gJk"
Message-ID: <180b6873-d917-4a6f-9fa7-b174e0afae66@nthpermutation.com>
Date: Mon, 25 Mar 2024 13:40:15 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Orie Steele <orie@transmute.industries>, Eric Rescorla <ekr@rtfm.com>
Cc: saag@ietf.org
References: <CABcZeBPWjXvLh06-DBO3Z0sfeb2hgzqzaSZ-J2-TZ7qesrSraA@mail.gmail.com> <079A0AA3-FA02-440F-ABA0-6AF897570E86@sonic.net> <CABcZeBOxfYR+=61DV1XN0F9nrmbzLR2zq_ZvADw4UUy1uFafzw@mail.gmail.com> <8caa2d4d-bc80-4fcf-b8bc-839052371730@lear.ch> <CABcZeBMABJ89T0qY0-9C3xxd=mFfGyCh7_9GKbEUBm6JtR+_ng@mail.gmail.com> <6c491f5c-92da-4fb3-a8b1-da1de27b36a6@lear.ch> <CABcZeBN1w0QU6ug3LcMwC+hTMA_-iOs32FkZe+gpPuFrp1y+JA@mail.gmail.com> <64e81f68-5169-4469-b5a0-2851da912091@lear.ch> <CABcZeBOLKMJb5pw59J072FsfeMFcoz1eZYxa1qpXDLW0nAU0cg@mail.gmail.com> <7b4d38b8-b4c1-412b-8287-bd44d0c512a3@lear.ch> <CABcZeBOQYp49i_JjE7vdg6AjxwyvktW7LFTJ4Mh3jt0bmxxxDQ@mail.gmail.com> <CAN8C-_+QUpU2bTeSFmLB7v1qLirTXtypR2U7D54JeEaeKfSp+Q@mail.gmail.com> <CABcZeBNtE6PtEdmh-2rTC5y9U7yEL8JVNo1HMjZtOQw-DHjXQQ@mail.gmail.com> <88a1bb16-b0ef-49b3-a661-c343b4faa7a9@nthpermutation.com> <CABcZeBOo7e=jgrkMa4iXYy-x_2o6eZjTpEyezQiu7AKHk4ZhFQ@mail.gmail.com> <CAN8C-_JKbJLB6EU+8zUoeUgYVMkR4ErkSdpvuzr4LYoNcRKccA@mail.gmail.com>
From: Michael StJohns <msj@nthpermutation.com>
In-Reply-To: <CAN8C-_JKbJLB6EU+8zUoeUgYVMkR4ErkSdpvuzr4LYoNcRKccA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/bcRLbtOLXr3-3UIYkxkL6Wns_W4>
Subject: Re: [saag] SSH & Ntruprime
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2024 17:40:29 -0000
On 3/25/2024 12:52 PM, Orie Steele wrote: > https://www.rfc-editor.org/rfc/rfc8126#section-4.6 > > Makes it clear, the expert could decide to accept anything they are > directed to accept. > > In absence of guidance NOT to accept IDs, I would assert its at the > discretion of the expert, and can readily cite examples in the wild, > where specification required was satisfied with IDs, for example: > > https://www.iana.org/assignments/hpke/hpke.xhtml > https://datatracker.ietf.org/doc/draft-westerbaan-cfrg-hpke-xyber768d00/02/ > > If the draft above is ever updated to use a "generic kem combiner" the > code point for the -02 will need to be abandoned and a new one will > need to be assigned. > > Of course the same thing could happen if the reference were a github > readme at a specific commit. > > Probably no need to ask IANA, see this recent reply: > > https://mailarchive.ietf.org/arch/msg/kitten/nKpKSY9Lo9gL2rTju1xDqGFwbCo/ > > All this aside, it's still my opinion that it's not a good thing to > encourage DE's to accept IDs, and if given the choice of specification > required and a link to a github repo (which can be deleted at any > time), and specification required with a link to an ID (which can be > deleted at any time)... I still prefer the external link, because it > does not create quality confusion regarding IETF documents... But I'll > concede my objection is more based on optics than deviation from process. > > OS Hi Orie - Let me bring your attention to the fact that if the assignment to this draft had been made around the time of RFC447, the link in the registry probably would now be wrong. Sometime in recent history, we completely restructured the IETF website and the tools/datatracker sections and broke a lot of links - including I believe the ID links. For the purposes of datatracker, RFCDIFF and IPR related to ID's, this wasn't a problem, because the tools themselves were updated to point to the right places. The IANA seems to have recognized this as they copy the current ID over to the IANA website. https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids numbers 60 and 61. ID 60 references https://www.iana.org/go/draft-pismenny-tls-dtls-plaintext-sequence-number-01. However, looking at https://datatracker.ietf.org/doc/draft-pismenny-tls-dtls-plaintext-sequence-number/ There is now an 02 draft. *_Which is the proper reference for ID 60?_* Has the IETF committed itself - through an actual public discussion - of making the IDs archival? Keeping them online - yes. Keeping them at a fixed URL, I think not and I think RFC8447 was a mistake. Referencing RFC8477 as precedent for Murray's question seems problematic. I'd recommend revoking the notes on the existing registries that allow references to IDs. And, going forward, request the IESG refrain from approving any further notes similar to those on RFC8447 until there's an actual consensus and a plan to support "archivalness" of the ID series (e.g. with a fixed URL and with a firm requirement that closes the path of updating the ID). Later, Mike > > > On Mon, Mar 25, 2024 at 9:26 AM Eric Rescorla <ekr@rtfm.com> wrote: > > > > On Mon, Mar 25, 2024 at 9:22 AM Michael StJohns > <msj@nthpermutation.com> wrote: > > Trimmed. > > On 3/25/2024 12:06 PM, Eric Rescorla wrote: >> >> >> On Mon, Mar 25, 2024 at 8:28 AM Orie Steele >> <orie@transmute.industries> >> <mailto:orie@transmute.industries> wrote: >> >> > Internet-Drafts (often referred to simply as "drafts") >> have no formal status, and are subject to change or >> removal at any time; therefore they should not be cited >> or quoted in any formal document. >> we are the ones hosting their drafts. >> >> >> Yeah, this seems pretty speculative. >> >> Fortunately, we have a natural experiment here, because RFC >> 8446 explicitly allows the registration of TLS code points >> based on I-Ds, so in five years I guess we can see how that >> worked. >> >> -Ekr >> > Hi - > > I just took a look at RFC8446 and I can't find support for > that claim. > > My mistake, it's 8447. Muscle memory took over there. > > See https://www.rfc-editor.org/rfc/rfc8447#section-7 > > -Ekr > > > The IANA considerations section refers to RFC8126 and only > "Specification Required" or "Standards Action" as the path to > registration. Searching for "ID", "I-D", "internet draft" > and "Internet-Draft" doesn't get me anything. > > AFAIK, "Specification Required" as defined in 8126 does not > include Internet Drafts, even under the heading of "informal > documentation" . Maybe time to ask the IANA? > > Later, Mike > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag > > > > -- > > > ORIE STEELEChief Technology Officerwww.transmute.industries > > <https://transmute.industries> >
- [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Harry Halpin
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Jan-Frederik Rieckers
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Melinda Shore
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime S Moonesamy
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Ira McDonald
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime Christian Huitema
- Re: [saag] SSH & Ntruprime Russ Housley
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime Mark Baushke (ietf)
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime S Moonesamy
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Watson Ladd
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime StJohns, Michael
- Re: [saag] SSH & Ntruprime Watson Ladd
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Watson Ladd
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime S Moonesamy
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Deb Cooley
- Re: [saag] SSH & Ntruprime Christian Huitema
- Re: [saag] SSH & Ntruprime Simon Josefsson