Re: [saag] SSH & Ntruprime

Orie Steele <orie@transmute.industries> Mon, 25 March 2024 16:52 UTC

From: Orie Steele <orie@transmute.industries>
Date: Mon, 25 Mar 2024 09:52:07 -0700
Message-ID: <CAN8C-_JKbJLB6EU+8zUoeUgYVMkR4ErkSdpvuzr4LYoNcRKccA@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Michael StJohns <msj@nthpermutation.com>, saag@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/tTlNpt-3iUTeQn-xjKcIaMuGfT4>

https://www.rfc-editor.org/rfc/rfc8126#section-4.6

Makes it clear, the expert could decide to accept anything they are
directed to accept.

In absence of guidance NOT to accept IDs, I would assert it's at the
discretion of the expert, and can readily cite examples in the wild, where
specification required was satisfied with IDs, for example:

https://www.iana.org/assignments/hpke/hpke.xhtml
https://datatracker.ietf.org/doc/draft-westerbaan-cfrg-hpke-xyber768d00/02/

If the draft above is ever updated to use a "generic kem combiner" the code
point for the -02 will need to be abandoned and a new one will need to be
assigned.

Of course the same thing could happen if the reference were a GitHub readme
at a specific commit.

Probably no need to ask IANA, see this recent reply:

https://mailarchive.ietf.org/arch/msg/kitten/nKpKSY9Lo9gL2rTju1xDqGFwbCo/

All this aside, it's still my opinion that it's not a good thing to
encourage DEs to accept IDs, and if given the choice of specification
required and a link to a GitHub repo (which can be deleted at any time),
and specification required with a link to an ID (which can be deleted at
any time)... I still prefer the external link, because it does not create
quality confusion regarding IETF documents... But I'll concede my objection
is more based on optics than deviation from process.

OS


On Mon, Mar 25, 2024 at 9:26 AM Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Mon, Mar 25, 2024 at 9:22 AM Michael StJohns <msj@nthpermutation.com>
> wrote:
>
>> Trimmed.
>>
>> On 3/25/2024 12:06 PM, Eric Rescorla wrote:
>>
>>
>>
>> On Mon, Mar 25, 2024 at 8:28 AM Orie Steele <orie@transmute.industries>
>> <orie@transmute.industries> wrote:
>>
>>> > Internet-Drafts (often referred to simply as "drafts") have no formal
>>> status, and are subject to change or removal at any time; therefore they
>>> should not be cited or quoted in any formal document.
>>> we are the ones hosting their drafts.
>>>
>>
>> Yeah, this seems pretty speculative.
>>
>> Fortunately, we have a natural experiment here, because RFC 8446
>> explicitly allows the registration of TLS code points based on I-Ds, so in
>> five years I guess we can see how that worked.
>>
>> -Ekr
>>
>> Hi -
>>
>> I just took a look at RFC8446 and I can't find support for that claim.
>>
> My mistake, it's 8447. Muscle memory took over there.
>
> See https://www.rfc-editor.org/rfc/rfc8447#section-7
>
> -Ekr
>
>
>> The IANA considerations section refers to RFC8126 and only "Specification
>> Required" or "Standards Action" as the path to registration.   Searching
>> for "ID", "I-D", "internet draft" and "Internet-Draft" doesn't get me
>> anything.
>>
>> AFAIK, "Specification Required" as defined in 8126 does not include
>> Internet Drafts, even under the heading of "informal documentation" .
>> Maybe time to ask the IANA?
>>
>> Later, Mike
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
>>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>


-- 
ORIE STEELE
Chief Technology Officer
www.transmute.industries