IETF Logo Mail Archive

[saag] Re: New Version Notification for draft-rsalz-crypto-registries-00.txt

Eric Rescorla <ekr@rtfm.com> Fri, 29 November 2024 00:09 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29022C169404 for <saag@ietfa.amsl.com>; Thu, 28 Nov 2024 16:09:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sgF-L4cCXdw7 for <saag@ietfa.amsl.com>; Thu, 28 Nov 2024 16:09:47 -0800 (PST)
Received: from mail-yb1-xb36.google.com (mail-yb1-xb36.google.com [IPv6:2607:f8b0:4864:20::b36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D877C14F6F3 for <saag@ietf.org>; Thu, 28 Nov 2024 16:09:47 -0800 (PST)
Received: by mail-yb1-xb36.google.com with SMTP id 3f1490d57ef6-e333af0f528so800434276.3 for <saag@ietf.org>; Thu, 28 Nov 2024 16:09:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1732838986; x=1733443786; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=f2tiLuK+4gwn9n472gG3ILG8okRtO9AT4rUUo+PPems=; b=NaTtd20KWQl6TPchjBy3kOSFt3n7LtTjhBKIhUGxFLIh5mKjHjuw3aUxmhlo7yrEUl Tr2uRJq7KiqoqaDYog9oct8rkpVbwYQ/zhvxvIVg4An4POQNhH2RhKSgZhnzyLgfdYbO kWddQY+IJfJWzRBA5PIzPXlit2K4khTwpWbS535iAZFIa7Pt4LT68dMr5ku71Q+pChvZ u6fLLkO88vdTXPuAiGmUkRQ+1w1HVQQGQXGTv/abPVzt223LHbUuVUT2CLgDoKhkl2s3 GovcSjtGY7D4Z6qadNW4Q3ubzG2jMCH+CzeViC1AZ9b7QuEeAWn8fMpzWkFLgGv6roEY UG2Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732838986; x=1733443786; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=f2tiLuK+4gwn9n472gG3ILG8okRtO9AT4rUUo+PPems=; b=JLWUVbdFhviwZHW+vVOArTdS62ORLlBjLFgwESlKzI2E7QAMglm5lo5KkFAxj2skmu vJ5kfRBh7ddVwC//p/KXfZ/VBLieWAQy0rrzJflQE160THHrzTmlJC23yNL/LE3m/64u l6LQGAWB84MRDk+2rtFfpqdiTNC0OQVyptg4eTRmtoksRWwCCeweVALkmjLpQvYkPLFs 7gcCf9KxnO6rfjdMCF320Ax2VvEtiINQjzZqBl+PoXd7W08KK/E9FNrioLGawZROmDwx vEiCLX5bZDe3w1b3UyFCFNVs4QT3sP9fJz7jJrAsXTEbtKd3hyPlZiSlRKm6VZ48Xj1e f0TQ==
X-Forwarded-Encrypted: i=1; AJvYcCVCu5+vG3hfMkX6EKIkPohbEVU5LsBYXJUfX6+kf9jWEFNP1pOkwKyVFBCojPHG8ZXYExOI@ietf.org
X-Gm-Message-State: AOJu0Yz1uP7K5onEOQGCk+KfLekInjyyGFpjmGzsaouoLXE5UOiPOM7G fEBRe/m+PHM2jnm1QNJiGlQWIW8BI1AHFd8NWKzgUEcJzHBtcQwAiAlW1l8d8d0bMFAw+73MFOZ vJ2fIk+kmFbYVgy3WX/KXf7Dpd+HwOJcFLJztPQ==
X-Gm-Gg: ASbGncs45raBDaNdo/5+myZ9P0qn9EpfXDVIsaYytLHEGkDYJzxmURlfXP+LwbnIAY2 YIiooHKd8/EiHSdyWghh2AMrVOwusQMlsiQ==
X-Google-Smtp-Source: AGHT+IHkXeRNimjp9UpE4TeKroNSN+UUAKKnN8+p0QhD8Uwzyj671BC9WSNwIyW9yfp7koifhUH9+RgkR5aHVOpRZhQ=
X-Received: by 2002:a05:6902:2b13:b0:e35:d93a:c9bb with SMTP id 3f1490d57ef6-e395b87c7edmr7452465276.10.1732838986321; Thu, 28 Nov 2024 16:09:46 -0800 (PST)
MIME-Version: 1.0
References: <SY8P300MB0711C796AB6095C788556516EE292@SY8P300MB0711.AUSP300.PROD.OUTLOOK.COM> <2A5A96D6-7F86-4B55-99D4-39A42B1CA869@aiven.io> <800b679d-8c67-4c27-8531-88de3dd9dada@lear.ch> <CAGL5yWbXxFnAR1zvp9-D4Ftd=6CZzVV=6n=icx3yx622QhYo=w@mail.gmail.com> <4fd41b6b-c687-4d9b-acc1-4f829538de9a@lear.ch>
In-Reply-To: <4fd41b6b-c687-4d9b-acc1-4f829538de9a@lear.ch>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 28 Nov 2024 16:09:10 -0800
Message-ID: <CABcZeBOhutHwd5Figy65MF44zsrEu9f4NK=QyS72GzVP-L_bRA@mail.gmail.com>
To: Eliot Lear <lear@lear.ch>
Content-Type: multipart/alternative; boundary="0000000000003bae360628020437"
Message-ID-Hash: OOUXF5JKUTE3YWEZ3I2RYHEZB7ZZLUXY
X-Message-ID-Hash: OOUXF5JKUTE3YWEZ3I2RYHEZB7ZZLUXY
X-MailFrom: ekr@rtfm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-saag.ietf.org-0; header-match-saag.ietf.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: saag@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [saag] Re: New Version Notification for draft-rsalz-crypto-registries-00.txt
List-Id: Security Area Advisory Group <saag.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/lvZnkt7hwHjiRN8xdcp85z-8Bo8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Owner: <mailto:saag-owner@ietf.org>
List-Post: <mailto:saag@ietf.org>
List-Subscribe: <mailto:saag-join@ietf.org>
List-Unsubscribe: <mailto:saag-leave@ietf.org>

On Thu, Nov 28, 2024 at 3:59 PM Eliot Lear <lear@lear.ch> wrote:

> Greetings Paul!
> On 29.11.2024 00:00, Paul Wouters wrote:
>
>
> As long as the code points are references by versioned drafts, this is not
> an issue. We are looking at the few cases where this was done using an
> unversioned draft and working with IANA to resolve those.
>
> But it is also an issue if you are an implementer and not a protocol spec
> developer, and you are trying to economically and securely manage your
> coding and COGS investments.  An RFC or similar vehicle is signal that
> This->spec will not change without going through a rather involved public
> development process. It gets particularly concerning when different RFPs
> have different specific draft version requirements.  That's really where
> either interoperability begins to break down and/or code complexity goes
> up, even if different code points are used for different versions.
>
Maybe.

There are a number of different cases here.

On one extreme, we have a specification which is being actively developed
by the IETF, and goes through a number of draft revisions before finally
being published as an RFC. In that case, yes, it is somewhat difficult to
have code points associated with drafts prior to the RFC (though TBH, not
that difficult, and we do this in TLS and QUIC fairly routinely).

On the other extreme, we have a specification which simply documents some
externally developed technology which will not be modified by the IETF but
just needs a codepoint registration. In this case, there is generally no
real issue with multiple versions and I do not believe that having a
reference to a draft version, because there is no real need to revise it.
Note that this is distinct from submissions to the Independent stream,
which naturally go through multiple draft revisions prior to becoming an
RFC, which might lead to confusion. However, if the code point is just
assigned on the basis of an I-D with no intention to make an RFC, that is
not the case. Do you have evidence that there has been significant
confusion in such cases?

-Ekr

v2.29.0 | Report a Bug | By Email | System Status