IETF Logo Mail Archive

[saag] Re: New Version Notification for draft-rsalz-crypto-registries-00.txt

Tero Kivinen <kivinen@iki.fi> Wed, 27 November 2024 20:37 UTC

Return-Path: <kivinen@iki.fi>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B363C14F5F9 for <saag@ietfa.amsl.com>; Wed, 27 Nov 2024 12:37:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.463
X-Spam-Level:
X-Spam-Status: No, score=-2.463 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.355, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iki.fi
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iBFBKNkzjply for <saag@ietfa.amsl.com>; Wed, 27 Nov 2024 12:37:23 -0800 (PST)
Received: from meesny.iki.fi (meesny.iki.fi [IPv6:2001:67c:2b0:1c1::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C489C14F603 for <saag@ietf.org>; Wed, 27 Nov 2024 12:37:21 -0800 (PST)
Received: from fireball.acr.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: kivinen@iki.fi) by meesny.iki.fi (Postfix) with ESMTPSA id 4XzB7x3z4CzyQv; Wed, 27 Nov 2024 22:37:17 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=meesny; t=1732739838; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=P5FlYy2fUpW5MNiqqc8YwfhtvpViC/G1OMZJypYKLKM=; b=o5RbblONQCi+V/jg5o753MdOwani4LbPBsJJH0mc6x46/wYj5VTS3/zP/24LtX+/KXnmZr vAkZn1avPhpWwbazG4hA0xYZE9O+pu0X+OUeMRYc8PcTJ5nsN2iNZ6EbxgYlbg5Mg3YCC6 hQdzHnliFlq6j6fNUILLEQuYeolORcg=
ARC-Seal: i=1; s=meesny; d=iki.fi; t=1732739838; a=rsa-sha256; cv=none; b=FZARQZx7+pY9rWvtbuSAJc5EdKXM2rpk+Q6FhCfh3ypbHJzuZvTQJ3xSz/ebfV1/2QMhFL xJ8wTUG6vB2TL4LnQkkHbgwsJceeN9eBjv1zDr0PASEQFfepTDFidkO+gWbCOkK5j/WIuT DffvobFXJoUoRvMgxAT7oqCMCg8NxaA=
ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=kivinen@iki.fi smtp.mailfrom=kivinen@iki.fi
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=meesny; t=1732739837; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=P5FlYy2fUpW5MNiqqc8YwfhtvpViC/G1OMZJypYKLKM=; b=FWyG92fpyVZXJ2altlDLIU738fsMng8lYeRw/2tU1d7bXpzot6pLtMFlPrSeMXLvYZS6/n JpPFMZnY6kKaQoXPcU7PSFfG8aIAAKknjbmpyb8IbkXL/mSpmNFYuJdEIuEgJB4Cz0MCao u5HD2OSj6lktGfdsMh8YLV19Jwd849Y=
Received: by fireball.acr.fi (Postfix, from userid 15204) id 2DB4225C11A3; Wed, 27 Nov 2024 22:37:17 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <26439.33533.129915.244853@fireball.acr.fi>
Date: Wed, 27 Nov 2024 22:37:17 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: Damien Miller <djm@mindrot.org>
In-Reply-To: <71bcb4f8-e147-a6cb-3c67-b6daef61f309@mindrot.org>
References: <BE95E617-C929-43BA-BB40-41E189A8158B@akamai.com> <87ldxl5zp9.fsf@kaka.sjd.se> <26424.40383.605711.370013@fireball.acr.fi> <71bcb4f8-e147-a6cb-3c67-b6daef61f309@mindrot.org>
X-Mailer: VM 8.2.0b under 26.3 (x86_64--netbsd)
X-Edit-Time: 4 min
X-Total-Time: 4 min
Message-ID-Hash: 4EIQUQ3F424V3PHYSMXPOSNX4ZFHOXMF
X-Message-ID-Hash: 4EIQUQ3F424V3PHYSMXPOSNX4ZFHOXMF
X-MailFrom: kivinen@iki.fi
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-saag.ietf.org-0; header-match-saag.ietf.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, saag@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [saag] Re: New Version Notification for draft-rsalz-crypto-registries-00.txt
List-Id: Security Area Advisory Group <saag.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/sYVAaQWZ9PdKh5NI5-3XA8FEM9s>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Owner: <mailto:saag-owner@ietf.org>
List-Post: <mailto:saag@ietf.org>
List-Subscribe: <mailto:saag-join@ietf.org>
List-Unsubscribe: <mailto:saag-leave@ietf.org>

Damien Miller writes:
> On Sat, 16 Nov 2024, Tero Kivinen wrote:
> 
> > For the SSH there is already first come first serve policy (all names
> > that contained @) but for some reason that was not enough. And
> > implementations and interoperability works fine even with those first
> > come first served names. There is no reason to require strings without
> > @-chracter for algorithms, both forms work fine in the
> > implementations.
> 
> The reason that it's not enough is that agreeing on names alone is
> insufficient for reliable interoperability. At some point someone
> needs to write down a specification and, at that point, it makes
> sense to assign a standard name too.

For long time the ssh-1 protocol was described in the file called RFC
inside the source distribution package.

When someone (like openssh) creates a new thing with foo@openssh.org,
they should include the documentation of that either on their web
page, or inside the source distribution etc. Not everything needs to
be an RFC, and most of those things that are defined that way are
quite simple to document.

Yes, some of those are more complicated and should most likely be
document in the RFC, but new ciphers, macs etc should not be that
complicated. The SSH RFCs do not use that much text to describe them
anyways.

We could add IANA registry with lists commonly used @-signed names and
provides a pointer to the documentation for them (or contact point if
no public documentation is available).

On the other hand, as the IANA registries have been changed to have
different allocation policy, even that is no longer needed.
-- 
kivinen@iki.fi

v2.29.0 | Report a Bug | By Email | System Status