Re: SSH operations modelled in YANG

[tom petch <ietfc%btconnect.com@localhost>]

From: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Sent: 26 January 2023 12:37

> what should IANA do when SSH registers a new GSS KEX

There's no such thing. GSSAPI mechanisms are identified by OIDs, which are assigned by the owner of the parent arc.  There is no central registry, and certainly not one run by IANA.

SSH can be used with any GSSAPI mechanism that includes the features it needs. No registration is required or possible.

The same problem affects other algorithm and method identifiers, too. All of these namespaces include provision for privately-assigned names, and it's common for algorithms with such names to become widely deployed and even considered best practice without any sort of registration.

Jeff

Thanks for the information;  GSSAPI has always been a blind spot for me.  On the privately-assigned names, yes, those I am familiar with and so is the author of this I-D and he explicitly caters for that in the instructions to IANA for the maintenance of the modules (but does not say anything about the OID, just includes 13 of them in the initial version of the YANG module - ah well, IANA will get to see this and decide what they understand:-(

Tom Petch

-- Jeff