IETF Logo Mail Archive

[saag] Re: New Version Notification for draft-rsalz-crypto-registries-00.txt

Simon Josefsson <simon@josefsson.org> Wed, 27 November 2024 21:20 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1476BC180B4A for <saag@ietfa.amsl.com>; Wed, 27 Nov 2024 13:20:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=josefsson.org header.b="PnqFmVm/"; dkim=pass (2736-bit key) header.d=josefsson.org header.b="njfCgTci"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 78tdHmerk7UQ for <saag@ietfa.amsl.com>; Wed, 27 Nov 2024 13:20:05 -0800 (PST)
Received: from uggla.sjd.se (uggla.sjd.se [IPv6:2001:9b1:8633::107]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E27DEC14F6E9 for <saag@ietf.org>; Wed, 27 Nov 2024 13:20:04 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2303; h=To:In-Reply-To:Cc:References:Message-Id:Date: Subject:Mime-Version:From:Content-Transfer-Encoding:Content-Type:Sender: Reply-To:Content-ID:Content-Description; bh=GQ25c1pHbN/uwQoNZxv/ycgI/3dfy5RytJd8y63OldU=; t=1732742397; x=1733951997; b=PnqFmVm/62cHXAPzMnte211wdrizvC28G5WXIoWcjdp7LLDb1Si5hv1la2KpB1JcG5Py18spk1e nkOfPuRq0Bw==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2303; h=To:In-Reply-To:Cc:References:Message-Id:Date: Subject:Mime-Version:From:Content-Transfer-Encoding:Content-Type:Sender: Reply-To:Content-ID:Content-Description; bh=GQ25c1pHbN/uwQoNZxv/ycgI/3dfy5RytJd8y63OldU=; t=1732742397; x=1733951997; b=njfCgTciovg6WEWEFfCSKhC7T/sycmwF2d76rEtjuYnA26S2P13rgFLDOBVb+DCCJEkELuDi0Pk afzTbRKZae6W2rTNr1ckY76hO1Qi1/8NY4ogXEDtClwyO3WFe6aRZq5ZlrVMJWNc5MU2rv44RXC6X hkQdIlBQ7Wrv2cNUwL9R1+cE4wa/1ciBFnP+RBA8gofJHPrYNyDzbNt9OrC8TNRMKmfjwtjeWZ69A CGQfYrd8q1gkHgDyeiqvip5gjyBzHUPMZZBc6UowdpHC1dbkHZr60sWsoCGyX5AfcscK9TmSisUNX 2LFgcbj+1FzSJa0T0eDpcBiEYq/XZCtikcZDITp0flc/rTgs+N66s8jVQkVe7WtEpgwIl8F464EJt mK44RJhTHu6RTY0dKW85fsLCKobnbz2f1mjgDkLontQ5ICScdVS7+Y8pNGSSqo+iH4g4iehMy;
Received: from [2001:9b1:41ac:ff00:7d6b:cb4c:7c57:639b] (port=51612 helo=smtpclient.apple) by uggla.sjd.se with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.95) (envelope-from <simon@josefsson.org>) id 1tGPRu-0050Sf-FT; Wed, 27 Nov 2024 21:19:50 +0000
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Simon Josefsson <simon@josefsson.org>
Mime-Version: 1.0 (1.0)
Date: Wed, 27 Nov 2024 22:19:57 +0100
Message-Id: <E2192E03-0AB5-48DF-806D-F0629DF9AF27@josefsson.org>
References: <26439.33533.129915.244853@fireball.acr.fi>
In-Reply-To: <26439.33533.129915.244853@fireball.acr.fi>
To: Tero Kivinen <kivinen@iki.fi>
X-Mailer: iPhone Mail (22B91)
Message-ID-Hash: 2CEXIBFNMBAGAYJU4TS5QT6MPMCECFU6
X-Message-ID-Hash: 2CEXIBFNMBAGAYJU4TS5QT6MPMCECFU6
X-MailFrom: simon@josefsson.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-saag.ietf.org-0; header-match-saag.ietf.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Damien Miller <djm@mindrot.org>, saag@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [saag] Re: New Version Notification for draft-rsalz-crypto-registries-00.txt
List-Id: Security Area Advisory Group <saag.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/yxacIee3XYepxQneGCJe45Rbxd8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Owner: <mailto:saag-owner@ietf.org>
List-Post: <mailto:saag@ietf.org>
List-Subscribe: <mailto:saag-join@ietf.org>
List-Unsubscribe: <mailto:saag-leave@ietf.org>

I don’t understand this line of reasoning - if you follow the tangent, then what’s the point of any standardization work at all? By the same argument why doesn’t just $browser define whatever TLS features they want, register them with IANA, and publish some obscure document with (some of) the details? There is no need for any IETF documents at all in that model beyond an IANA registry. Is that a good model? 

I believe the IETF should publish stable reviewed specifications of protocols as RFCs to have good interoperable descriptions of what is deployed out there, as a general service to all Internet users.

/Simon

> 27 nov. 2024 kl. 21:37 skrev Tero Kivinen <kivinen@iki.fi>:
> 
> Damien Miller writes:
>>> On Sat, 16 Nov 2024, Tero Kivinen wrote:
>>> 
>>> For the SSH there is already first come first serve policy (all names
>>> that contained @) but for some reason that was not enough. And
>>> implementations and interoperability works fine even with those first
>>> come first served names. There is no reason to require strings without
>>> @-chracter for algorithms, both forms work fine in the
>>> implementations.
>> 
>> The reason that it's not enough is that agreeing on names alone is
>> insufficient for reliable interoperability. At some point someone
>> needs to write down a specification and, at that point, it makes
>> sense to assign a standard name too.
> 
> For long time the ssh-1 protocol was described in the file called RFC
> inside the source distribution package.
> 
> When someone (like openssh) creates a new thing with foo@openssh.org,
> they should include the documentation of that either on their web
> page, or inside the source distribution etc. Not everything needs to
> be an RFC, and most of those things that are defined that way are
> quite simple to document.
> 
> Yes, some of those are more complicated and should most likely be
> document in the RFC, but new ciphers, macs etc should not be that
> complicated. The SSH RFCs do not use that much text to describe them
> anyways.
> 
> We could add IANA registry with lists commonly used @-signed names and
> provides a pointer to the documentation for them (or contact point if
> no public documentation is available).
> 
> On the other hand, as the IANA registries have been changed to have
> different allocation policy, even that is no longer needed.
> --
> kivinen@iki.fi

v2.29.0 | Report a Bug | By Email | System Status