IETF Logo Mail Archive

Re: [saag] SSH & Ntruprime

"Salz, Rich" <rsalz@akamai.com> Mon, 25 March 2024 17:35 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C65BC151538 for <saag@ietfa.amsl.com>; Mon, 25 Mar 2024 10:35:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.705
X-Spam-Level:
X-Spam-Status: No, score=-2.705 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VlUH7zxDvqx3 for <saag@ietfa.amsl.com>; Mon, 25 Mar 2024 10:35:14 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0114DC14CE42 for <saag@ietf.org>; Mon, 25 Mar 2024 10:35:13 -0700 (PDT)
Received: from pps.filterd (m0122331.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42P75TGc011395; Mon, 25 Mar 2024 17:35:12 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h= from:to:cc:subject:date:message-id:references:in-reply-to :content-type:mime-version; s=jan2016.eng; bh=k3R3X+OZXHYi+KhmHo nSLpLG4XUfzEiX3HiVchtCWuc=; b=g9QoBaUE2/Dx7QzyKu2QSTLY6Hwq0uGlR8 qOwDgMEvEXtshkwf04jifrzXUTzVyX0zby13CP9RRxryUO7BMhJECym+VhTHvbB+ 5ga1m7IZavHq8LYOBtq8aVnNjssZeWPRCmWTj7cGVrQLxLhi0mLXA3e1cnTEicWM 2WTjBvohDoCf5n957YOJibDAxnjaiHk4WnCaqKMEMRAhJcuoGLPFWxs4SJeMP3eF axPHCHxADtaLcdOd/xFqGdN1OTekPi8+KBvhJP5fCPKRHf9KQfbZmKdNl/4aOQ4T fMin3grFdS1vlsuOmihuYk3HJRHZ+jIdaFzT7sfVqXaRIZKSCZFw==
Received: from prod-mail-ppoint7 (a72-247-45-33.deploy.static.akamaitechnologies.com [72.247.45.33] (may be forged)) by mx0b-00190b01.pphosted.com (PPS) with ESMTPS id 3x1mu0gp7w-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 25 Mar 2024 17:35:12 +0000 (GMT)
Received: from pps.filterd (prod-mail-ppoint7.akamai.com [127.0.0.1]) by prod-mail-ppoint7.akamai.com (8.17.1.19/8.17.1.19) with ESMTP id 42PFFc2D018765; Mon, 25 Mar 2024 13:35:11 -0400
Received: from email.msg.corp.akamai.com ([172.27.50.202]) by prod-mail-ppoint7.akamai.com (PPS) with ESMTPS id 3x1tdyamgr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 25 Mar 2024 13:35:11 -0400
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com (172.27.50.203) by ustx2ex-dag4mb3.msg.corp.akamai.com (172.27.50.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Mon, 25 Mar 2024 10:35:10 -0700
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) by ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) with mapi id 15.02.1258.028; Mon, 25 Mar 2024 10:35:10 -0700
From: "Salz, Rich" <rsalz@akamai.com>
To: Michael StJohns <msj@nthpermutation.com>, Eric Rescorla <ekr@rtfm.com>
CC: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] SSH & Ntruprime
Thread-Index: AQHafEytzfICQedvJ0iuZh0hh4HscrFEOcqAgAADCYCAAIeagIACcif0gABrCTSAAOTuAIAAa+IAgAAB/gCAAANqgIAAA5cAgAABaoCAAACRgIAAAnqAgAAO6ACAAArPgIAABFEAgAABD4CAAAqegP//xauA
Date: Mon, 25 Mar 2024 17:35:10 +0000
Message-ID: <1DDA40A1-AA05-493C-9157-351BE58F60BC@akamai.com>
References: <CABcZeBPWjXvLh06-DBO3Z0sfeb2hgzqzaSZ-J2-TZ7qesrSraA@mail.gmail.com> <CABcZeBPfXQckpZageogUxTYgX2j_Nr_O3bvf-a-x0S_82BHMxg@mail.gmail.com> <079A0AA3-FA02-440F-ABA0-6AF897570E86@sonic.net> <CABcZeBOxfYR+=61DV1XN0F9nrmbzLR2zq_ZvADw4UUy1uFafzw@mail.gmail.com> <8caa2d4d-bc80-4fcf-b8bc-839052371730@lear.ch> <CABcZeBMABJ89T0qY0-9C3xxd=mFfGyCh7_9GKbEUBm6JtR+_ng@mail.gmail.com> <6c491f5c-92da-4fb3-a8b1-da1de27b36a6@lear.ch> <CABcZeBN1w0QU6ug3LcMwC+hTMA_-iOs32FkZe+gpPuFrp1y+JA@mail.gmail.com> <64e81f68-5169-4469-b5a0-2851da912091@lear.ch> <CABcZeBOLKMJb5pw59J072FsfeMFcoz1eZYxa1qpXDLW0nAU0cg@mail.gmail.com> <7b4d38b8-b4c1-412b-8287-bd44d0c512a3@lear.ch> <CABcZeBOQYp49i_JjE7vdg6AjxwyvktW7LFTJ4Mh3jt0bmxxxDQ@mail.gmail.com> <CAN8C-_+QUpU2bTeSFmLB7v1qLirTXtypR2U7D54JeEaeKfSp+Q@mail.gmail.com> <CABcZeBNtE6PtEdmh-2rTC5y9U7yEL8JVNo1HMjZtOQw-DHjXQQ@mail.gmail.com> <88a1bb16-b0ef-49b3-a661-c343b4faa7a9@nthpermutation.com> <CABcZeBOo7e=jgrkMa4iXYy-x_2o6eZjTpEyezQiu7AKHk4ZhFQ@mail.gmail.com> <ab9552a0-9971-4ae6-a046-36ca8201c8f7@nthpermutation.com>
In-Reply-To: <ab9552a0-9971-4ae6-a046-36ca8201c8f7@nthpermutation.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.81.24012814
x-originating-ip: [172.27.118.139]
Content-Type: multipart/alternative; boundary="_000_1DDA40A1AA05493C9157351BE58F60BCakamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-25_15,2024-03-21_02,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=976 malwarescore=0 mlxscore=0 suspectscore=0 spamscore=0 adultscore=0 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2403210000 definitions=main-2403250101
X-Proofpoint-GUID: ylW-lxZt4nqcudeqjCB-a9c0IDOuRLg9
X-Proofpoint-ORIG-GUID: ylW-lxZt4nqcudeqjCB-a9c0IDOuRLg9
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-25_15,2024-03-21_02,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 impostorscore=0 bulkscore=0 spamscore=0 adultscore=0 priorityscore=1501 malwarescore=0 mlxscore=0 mlxlogscore=825 clxscore=1011 suspectscore=0 lowpriorityscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2403210001 definitions=main-2403250101
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/j7hZwz9om6Bi8eZ89uS9d-TbX9o>
Subject: Re: [saag] SSH & Ntruprime
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2024 17:35:18 -0000

While 8447 says what EKR says it says, I'm not sure this was done according to the general rules.

The language you quote first appeared in draft-04 posted in February 2018. This was discussed on the TLS mailing list at least in January 2018 in a conversation thread started by one of the Sec ADs, Kathleen Moriarty.[1]. See in particular here quote fromRFC 8126.

So I’d say yes, this change followed the general rules, both in letter and spirit.

[1] https://mailarchive.ietf.org/arch/msg/tls/yGzItmAkw4CFQWB8x5hGryFW4rw/



I'm not seeing a discussion of this added note in the voting history for RFC8447.  And I don't recall a general discussion of this on the IETF mailing list anytime in the last 10 years.  Of course, I'm old and my memory is fading :-).

Anyone have a reference to when the IANA started using that particular note and what the approval process was for it?  Is anyone aware of any other documents with this note?

Here's the note.

   Note:  The role of the designated expert is described in RFC 8447<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/rfc8447__;!!GjvTz_vk!VspsvWaqvzTg43dzaAQzVIlyxXzMr7tWB2kh94utVd4jgdy9z7fIJgXSbnQddzBGkcPJ7OHS0bIUJA$>.

      The designated expert [RFC8126<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/rfc8126__;!!GjvTz_vk!VspsvWaqvzTg43dzaAQzVIlyxXzMr7tWB2kh94utVd4jgdy9z7fIJgXSbnQddzBGkcPJ7OEbtDx3vA$>] ensures that the specification is

      publicly available.  It is sufficient to have an Internet-Draft

      (that is posted and never published as an RFC) or a document from

      another standards body, industry consortium, university site, etc.

      The expert may provide more in-depth reviews, but their approval

      should not be taken as an endorsement of the extension.

Thanks - Mike






The IANA considerations section refers to RFC8126 and only "Specification Required" or "Standards Action" as the path to registration.   Searching for "ID", "I-D", "internet draft" and "Internet-Draft" doesn't get me anything.

AFAIK, "Specification Required" as defined in 8126 does not include Internet Drafts, even under the heading of "informal documentation" .  Maybe time to ask the IANA?

Later, Mike
_______________________________________________
saag mailing list
saag@ietf.org<mailto:saag@ietf.org>
https://www.ietf.org/mailman/listinfo/saag<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/saag__;!!GjvTz_vk!VspsvWaqvzTg43dzaAQzVIlyxXzMr7tWB2kh94utVd4jgdy9z7fIJgXSbnQddzBGkcPJ7OHAIfeH3A$>

v2.23.0 | Report a Bug | By Email