Re: [tcpinc] Eric Rescorla's Discuss on draft-ietf-tcpinc-tcpeno-13: (with DISCUSS and COMMENT)

Amanda Baber <amanda.baber@iana.org> Tue, 14 November 2017 19:44 UTC

From: Amanda Baber <amanda.baber@iana.org>
To: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>, Eric Rescorla <ekr@rtfm.com>, "Black, David" <David.Black@dell.com>, David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
CC: "tcpinc@ietf.org" <tcpinc@ietf.org>, "tcpinc-chairs@ietf.org" <tcpinc-chairs@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-tcpinc-tcpeno@ietf.org" <draft-ietf-tcpinc-tcpeno@ietf.org>
Date: Tue, 14 Nov 2017 19:44:16 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/1pPc8iNd3tFf54nlbxp75Wj5d3w>

Hi,

See [AB] below.

On 11/13/17, 7:18 PM, "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net> wrote:

Only on this point:

> On 14.11.2017 at 11:07, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> --[3]-- IANA registry policy for TEP registry
>
> At least my suggestion of IETF Review was in part to see whether more strict review would be appropriate – that appears not to be the case, so …
>
> I like Amanda’s suggestion of: “Expert Review with RFC Required”. That should result in two security reviews of a new TEP, both of which could halt a weak one. Looking at the Independent Submission track as the “path of least resistance” that would be the IETF Security Area (ADs and Directorate) as part of RFC publication plus an IANA expert review as part of codepoint assignment. Thank you, Amanda.
>
> I have to admit that Ekr is right that anyone can do arbitrarily stupid things on their own – what we can stop is misuse of IETF’s good name and IANA registration in support of that sort of stupidity.
> 
> 
> Well, ultimately this is a WG decision, but we actually have tried this approach in TLS and other WGs and it doesn't work well. People grab code points and we have to deal with that, and we also have to spend a lot of WG time doing useless vetting when people just want a code point.
> 
Ekr, not sure what your recommendation is but the previous discussion was that it is encouraged to ask for early allocation in the (RFC) process, however, we would like to finally end up with a spec in an RFC for all TEPs.

I guess if we want expert review for non-IETF stream docs it actually would be “IETF Review or RFC Required with Expert Review”… Amanda, does that still make sense to you?

[AB] That works for us too. I think that in that case we would call it “IETF Review or Expert Review with RFC Required,” to make it clear that Expert Review is only modifying one of the procedures.  

Mirja