Hi,
As we've discussed offline, I'm good with keeping the iana-bfd-types update in
appendix A of the optimizing-authentication document, even if null auth is not
defined in that document. We can add a note in the appendix explaining why
iana-bfd-types update has null auth which is defined in another doc. Having 2
documents updating the same IANA module is risky: as Mahesh mentioned that
appendix is to help IANA and the plan is to remove that appendix on
publication.
Regards,Reshad.
On Wednesday, June 19, 2024 at 03:18:17 PM EDT, Jeffrey Haas
<jh...@pfrc.org> wrote:
> On Jun 13, 2024, at 2:49 PM, Alan DeKok <al...@deployingradius.com> wrote:
>
> On Jun 13, 2024, at 11:04 AM, Reshad Rahman
> <reshad=40yahoo....@dmarc.ietf.org> wrote:
>
>> Section 6
>>
>> - "The Auth Type field MUST be set to TBD1 (Meticulous Keyed ISAAC)". There
>>is no IANA registration for just ISAAC anymore, so it will be one of the 2
>>auth types from optimizing-authentication?
>
> It may be best to update the IANA section of this document to define
>Meticulous Keyed ISAAC. That way everything is in one document.
The dependencies we have are:
1. The optimized auth document primarily adds the reauth-interval leaves needed
for the optimization procedure. To be effective, it needs the identities for
the new optimized types.
2. The optimized auth draft is currently where the YANG identities for the
keychain live. We could move those, but this creates an additional module
dependency for the identities only.
3. The optimized auth draft defines the Auth Type codes.
... and the hard one...
4. The iana-bfd-types update lives in appendix a of the
optimizing-authentication module.
It'd be appropriate to define the Auth Type codes for the optimized isaac modes
in the secure sequence numbers draft.
The secure sequence numbers draft doesn't define any YANG module currently. It
could, but it'd just be adding a module that defined those identities.
The true headache here is 4. If we were intending to add exactly one set of
auth types in one module, this is/was easy. I've suggested moving the yang
identity to the stability draft since that's severable from the auth type work.
However, we need to update the iana module once. Otherwise, we have an
ordering issue of which "commit" hits iana in which order.
One method to deal with this is to split all of these dependencies into a new
draft whose purpose is just to do the iana registrations for the identities,
auth types and iana module update. Each of the other drafts gets an additional
dependency to this new draft.
Lots of ugly choices here.
-- Jeff
>
> Alan DeKok.
