Re: [tcpinc] Eric Rescorla's Discuss on draft-ietf-tcpinc-tcpeno-13: (with DISCUSS and COMMENT)

"Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net> Tue, 14 November 2017 03:25 UTC

To: Eric Rescorla <ekr@rtfm.com>, "Black, David" <David.Black@dell.com>, David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>, amanda.baber@iana.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/YWPOZaQbKekfAfL3TjYYxjMpfOE>

Only on this point:

> On 14.11.2017 at 11:07, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> --[3]-- IANA registry policy for TEP registry
> 
> At least my suggestion of IETF Review was in part to see whether more strict review would be appropriate – that appears not to be the case, so …
> 
> I like Amanda’s suggestion of: “Expert Review with RFC Required”.  That should result in two security reviews of a new TEP, both of which could halt a weak one.  Looking at the Independent Submission track as the “path of least resistance”, that would be the IETF Security Area (ADs and Directorate) as part of RFC publication plus an IANA expert review as part of codepoint assignment.  Thank you, Amanda.
> 
> I have to admit that Ekr is right that anyone can do arbitrarily stupid things on their own – what we can stop is misuse of IETF’s good name and IANA registration in support of that sort of stupidity.
> 
> Well, ultimately this is a WG decision, but we actually have tried this approach in TLS and other WGs and it doesn't work well. People grab code points and we have to deal with that, and we also have to spend a lot of WG time doing useless vetting when people just want a code point.
> 
> 
Ekr, not sure what your recommendation is, but the previous discussion was that it is encouraged to ask for early allocation in the (RFC) process; however, we would like to finally end up with a spec in an RFC for all TEPs.

I guess if we want expert review for non-IETF stream docs it actually would be "IETF Review or RFC Required with Expert Review"… Amanda, does that still make sense to you?

Mirja