Re: [auth48] AUTH48: RFC-to-be 9415 <draft-irtf-pearg-numeric-ids-history-11> for your review

[rfc-editor@rfc-editor.org]

Authors,

While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file.

1) <!--[rfced] Please ensure that the guidelines listed in Section 2.1 of RFC 5743
have been adhered to in this document.  -->


2) <!--[rfced] Please insert any keywords (beyond those that appear in
the title) for use on https://www.rfc-editor.org/search. -->


3) <!--[rfced] We note that RFC 1035 does not include a mention of "RFC Query
IDs". Please review and let us know if/how this citation should be updated.

Original:
   Networking protocols employ a variety of transient numeric
   identifiers for different protocol objects, such as IPv4 and IPv6
   Fragment Identifiers [RFC0791] [RFC8200], IPv6 Interface Identifiers
   (IIDs) [RFC4291], transport protocol ephemeral port numbers
   [RFC6056], TCP Initial Sequence Numbers (ISNs) [RFC0793], NTP
   Reference IDs (REFIDs) [RFC5905], and DNS Query IDs [RFC1035].
-->   


4) <!--[rfced] We see a number of author-inserted comments in the XML file for
this document. We are unsure if these have been resolved. Please review
and let us know if these can be deleted or if they need to be addressed.
-->


5) <!--[rfced] [SUSE2011] is dated December 2011. Should it still be listed
under "November 2011"? Please review and let us know if/how it should be updated.

Original:
   November 2011:
      Linux mitigates predictable IPv6 Identification values
      [RedHat2011] [SUSE2011] [Ubuntu2011].

Similarly, [USCERT2001] is dated as from March 2001. Should it still be listed
under "May 2001"? Please review and let us know if/how it should be updated.

Original:
   May 2001:
      Vulnerability advisories [CERT2001] [USCERT2001] were released
      regarding statistical weaknesses in some ISN generators, affecting
      popular TCP implementations. 
-->      


6) <!--[rfced] FYI, this item has been rephrased as follows to avoid
"upcoming revision" because it is inaccurate. Please review and 
let us know if further changes are needed. Also, please see the
perhaps text in case you would like to reference the RFC 
rather than the I-D, as mentioned in question #10.

Original:
   August 2014:
      [I-D.eddy-rfc793bis-04], the upcoming revision of the core TCP
      protocol specification, incorporates the algorithm specified in
      [RFC6528] as the recommended ("SHOULD") algorithm for TCP ISN
      generation.

Current:
   August 2014:
      The algorithm specified in [RFC6528] becomes the recommended
      ("SHOULD") algorithm for TCP ISN generation in
      [I-D.eddy-rfc793bis-04], an early revision of the core TCP
      specification [RFC9293].

Perhaps (simply referencing the RFC):
   August 2014:
      The algorithm specified in [RFC6528] becomes the recommended
      ("SHOULD") algorithm for TCP ISN generation in an early revision of
      the core TCP specification that would later be published as RFC 9293
      [RFC9293].
-->


7) <!--[rfced] RFC 2374 obsoletes RFC 2073. Therefore, we have updated the
citation from [RFC2373] to [RFC2073]. As this was the only instance where
RFC 2373 was cited in this document, we have removed the corresponding
reference. Please let us know of any objections.

Original:
   July 1998:
      [RFC2374] specifies "An IPv6 Aggregatable Global Unicast Address
      Format" (obsoleting [RFC2373]) changing the size of the IID to 64
      bits, and specifies that IIDs must be constructed in IEEE EUI-64
      format.

Current:
   July 1998:
      [RFC2374] specifies "An IPv6 Aggregatable Global Unicast Address
      Format" (obsoleting [RFC2073]) changing the size of the IID to 64
      bits and specifies that IIDs must be constructed in IEEE 64-bit
      Extended Unique Identifier (EUI-64) format.
-->


8) <!--[rfced] As asterisks are used in the sentence below, would you
like to make use of the <strong> element for emphasis? This will yield
asterisks in the text output and bold letters in the html and pdf outs
<https://authors.ietf.org/rfcxml-vocabulary#strong>.

Original:
   April 2014:
      [RFC7217] (formerly [I-D.ietf-6man-stable-privacy-addresses]) is
      published, specifying "A Method for Generating Semantically Opaque
      Interface Identifiers with IPv6 Stateless Address
      Autoconfiguration (SLAAC)" as an alternative to (but *not*
      replacement of) Modified EUI-64 format IIDs.
-->


9) <!--[rfced] References
	  
a) Would you like the references to be alphabetized or left in their
current order?

b) The following RFCs have been obsoleted. Other than specific instances
where RFCs are cited in the timelines, may these RFCs be replaced with their
obsoleting RFCs? 

RFC 793 > RFC 9293
RFC 1323 > RFC 7323
RFC 1883 > RFC 8200
RFC 2460 > RFC 8220
RFC 6528 > RFC 9293

c) The URL provided returns 404 page not found. We have updated 
the URL as follows. Please let us know if you prefer otherwise.

Original:
   [Shimomura1995]
              Shimomura, T., "Technical details of the attack described
              by Markoff in NYT", Message posted in USENET's
              comp.security.misc newsgroup Message-ID:
              <3g5gkl$5j1@ariel.sdsc.edu>, 1995,
              <https://www.gont.com.ar/docs/post-shimomura-usenet.txt>.

Current:
   [Shimomura1995]                                                                  
              Shimomura, T., "Technical details of the attack described             
              by Markoff in NYT", message to the USENET                             
              comp.security.misc newsgroup, 25 January 1995,                        
              <https://groups.google.com/g/comp.security.misc/c/                    
              z5j323oQJeg/m/O7STL_6X_v4J>.  


d) The URL for the reference below leads to a page titled "TCP Idle Scan
(-sI)". We have found a URL leading to a page with the same title as the
one provided. May we update this reference?

Original:
   [Fyodor2002]
              Fyodor, "Idle scanning and related IP ID games", 2002,
              <http://www.insecure.org/nmap/idlescan.html>.

Perhaps:
   [Fyodor2002]
              Fyodor, "Idle Scanning and related IPID games", September 2002,
              <https://nmap.org/presentations/CanSecWest03/CD_Content/idlescan_paper/idlescan.html>.


e) May we update the URL and the title of this reference as follows?
(Same question as for RFC-to-be 9414.)
                                                                                     
Original:                                                                            
   [Sanfilippo1998b]                                                                 
              Sanfilippo, S., "Idle scan", Post to Bugtraq mailing-list,             
              1998, <https://github.com/antirez/hping/raw/master/docs/               
              SPOOFED_SCAN.txt

Perhaps:                                                                             
   [Sanfilippo1998b]                                                            
              Sanfilippo, S., "new tcp scan method", message to the             
              Bugtraq mailing list, 18 December 1998,                           
              <https://seclists.org/bugtraq/1998/Dec/79>.  

f) Would you like to update add a URL to the reference and 
update the title accordingly?

Original:
   [Gont2011] Gont, F., "Hacking IPv6 Networks (training course)", Hack
              In Paris 2011 Conference Paris, France, June 2011.

Perhaps:
   [Gont2011] Gont, F., "Hacking IPv6 Networks", Hack
             In Paris 2011 Conference Paris, France, June 2011,
	     <https://www.si6networks.com/files/presentations/hip2011/
	     fgont-hip2011-hacking-ipv6-networks.pdf>.

g) We are having trouble opening the URL from the reference below.	
May we update it as follows?

Original:
   [Klein2007b]
              Klein, A., "BIND 9 DNS Cache Poisoning", March 2007,
              <https://citeseerx.ist.psu.edu/viewdoc/
              summary?doi=10.1.1.86.4474>.

Perhaps:
   [Klein2007b]
              Klein, A., "BIND 9 DNS Cache Poisoning", March 2007,
              <https://citeseerx.ist.psu.edu/viewdoc/
              summary?doi=10.1.1.86.4474>.
-->


10) <!--[rfced] Regarding the references to Internet-Drafts, we suggest
updating the anchors as follows. Please let us know if you prefer
otherwise.

This renaming would enable all references to the same
document to appear together in the references section. (Currently
the references are not automatically sorted alphanumerically
because sortRefs="false". Would you like to change to sortRefs="true"?)

Although references to multiple versions of one Internet-Draft are
permitted, you might consider whether this essential to the timelines
that are provided in the subsections of Section 4.

In the cases where the I-D has been published as an RFC, we suggest
rephrasing the text to simply reference the RFC.

Original -> Suggested

[draft-fgont-6man-rfc4941bis-00]-> [SLAAC-PRIV-GONT-00]
[draft-ietf-6man-rfc4941bis-00] -> [SLAAC-PRIV-00]
[I-D.ietf-6man-rfc4941bis]      -> [SLAAC-PRIV-12]  -> RFC 8981

[I-D.gont-opsec-ipv6-host-scanning] -> [HOST-SCAN-GONT-02]
[I-D.ietf-opsec-ipv6-host-scanning] -> [HOST-SCAN-08]   -> RFC 7707

[draft-gont-6man-stable-privacy-addresses-00] -> [STABLE-PRIV-ADDR-GONT-00]
[I-D.gont-6man-stable-privacy-addresses]      -> [STABLE-PRIV-ADDR-GONT-01]
[draft-ietf-6man-stable-privacy-addresses-00] -> [STABLE-PRIV-ADDR-00]
[I-D.ietf-6man-stable-privacy-addresses]      -> [STABLE-PRIV-ADDR-17]    -> RFC 7217

[I-D.cooper-6man-ipv6-address-generation-privacy] -> [ADDR-GEN-PRIV-COOPER-00]
[I-D.ietf-6man-ipv6-address-generation-privacy]   -> [ADDR-GEN-PRIV-08]

[draft-gont-6man-address-usage-recommendations-00] -> [ADDR-REC-00]

[draft-gont-6man-non-stable-iids-00] -> [TEMP-IIDS-04]

[draft-ietf-6man-default-iids-00] -> [DEFAULT-IIDS-00]
[I-D.ietf-6man-default-iids]      -> [DEFAULT-IIDS-16] -> RFC 8064

[I-D.gont-predictable-numeric-ids] -> [PREDICTABLE-NIDS-03]
    Note: this was replaced by draft-irtf-pearg-numeric-ids-history-11 
    (which is this document itself)

[I-D.ietf-6man-rfc2460bis] -> [IPv6-13] -> RFC 8200

[draft-stenn-ntp-not-you-refid-00] -> [NTP-REFID-GONT-00]
[draft-ietf-ntp-refid-updates-00]  -> [NTP-REFID-00]
[I-D.ietf-ntp-refid-updates]       -> [NTP-REFID-05]

[I-D.eddy-rfc793bis-04] -> [TCP-EDDY-04]
     Note: this was replaced by draft-ietf-tcpm-rfc793bis -> RFC 9293

[I-D.gont-ntp-port-randomization] -> [NTP-PORT-RAND-GONT-04]
[I-D.ietf-ntp-port-randomization] -> [NTP-PORT-RAND-08] -> RFC 9109

[draft-gont-6man-predictable-fragment-id-00] -> [PRED-FRAG-ID-GONT-00]
[I-D.gont-6man-predictable-fragment-id]      -> [PRED-FRAG-ID-GONT-03]
[draft-ietf-6man-predictable-fragment-id-00] -> [PRED-FRAG-ID-00]
[draft-ietf-6man-predictable-fragment-id-01] -> [PRED-FRAG-ID-01]
[draft-ietf-6man-predictable-fragment-id-02] -> [PRED-FRAG-ID-02]
[draft-ietf-6man-predictable-fragment-id-08] -> [PRED-FRAG-ID-08]
[I-D.ietf-6man-predictable-fragment-id]      -> [PRED-FRAG-ID-10] -> RFC 7739
-->


11) <!-- [rfced] Throughout the text, the following terminology appears to be used 
inconsistently. Please review these occurrences and let us know if/how they
may be made consistent.  

destination address vs. Destination Address
source address vs. Source Address
-->


12) <!-- [rfced] Please review the "Inclusive Language" portion of the online 
Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> 
and let us know if any changes are needed.

For example, please consider whether "dumb" should be updated.

In addition, please consider whether "traditional" and "traditionally" should
be updated for clarity.  While the NIST website 
<https://www.nist.gov/nist-research-library/nist-technical-series-publications-author-instructions#table1> 
indicates that this term is potentially biased, it is also ambiguous.  
"Tradition" is a subjective term, as it is not the same for everyone.
-->


Thank you.

RFC Editor/ap/ar


On May 26, 2023, rfc-editor@rfc-editor.org wrote:

*****IMPORTANT*****

Updated 2023/05/26

RFC Author(s):
--------------

Instructions for Completing AUTH48

Your document has now entered AUTH48.  Once it has been reviewed and 
approved by you and all coauthors, it will be published as an RFC.  
If an author is no longer available, there are several remedies 
available as listed in the FAQ (https://www.rfc-editor.org/faq/).

You and you coauthors are responsible for engaging other parties 
(e.g., Contributors or Working Group) as necessary before providing 
your approval.

Planning your review 
---------------------

Please review the following aspects of your document:

*  RFC Editor questions

  Please review and resolve any questions raised by the RFC Editor 
  that have been included in the XML file as comments marked as 
  follows:

  <!-- [rfced] ... -->

  These questions will also be sent in a subsequent email.

*  Changes submitted by coauthors 

  Please ensure that you review any changes submitted by your 
  coauthors.  We assume that if you do not speak up that you 
  agree to changes submitted by your coauthors.

*  Content 

  Please review the full content of the document, as this cannot 
  change once the RFC is published.  Please pay particular attention to:
  - IANA considerations updates (if applicable)
  - contact information
  - references

*  Copyright notices and legends

  Please review the copyright notice and legends as defined in
  RFC 5378 and the Trust Legal Provisions 
  (TLP – https://trustee.ietf.org/license-info/).

*  Semantic markup

  Please review the markup in the XML file to ensure that elements of  
  content are correctly tagged.  For example, ensure that <sourcecode> 
  and <artwork> are set correctly.  See details at 
  <https://authors.ietf.org/rfcxml-vocabulary>.

*  Formatted output

  Please review the PDF, HTML, and TXT files to ensure that the 
  formatted output, as generated from the markup in the XML file, is 
  reasonable.  Please note that the TXT will have formatting 
  limitations compared to the PDF and HTML.


Submitting changes
------------------

To submit changes, please reply to this email using ‘REPLY ALL’ as all 
the parties CCed on this message need to see your changes. The parties 
include:

  *  your coauthors

  *  rfc-editor@rfc-editor.org (the RPC team)

  *  other document participants, depending on the stream (e.g., 
     IETF Stream participants are your working group chairs, the 
     responsible ADs, and the document shepherd).

  *  auth48archive@rfc-editor.org, which is a new archival mailing list 
     to preserve AUTH48 conversations; it is not an active discussion 
     list:

    *  More info:
       https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc

    *  The archive itself:
       https://mailarchive.ietf.org/arch/browse/auth48archive/

    *  Note: If only absolutely necessary, you may temporarily opt out 
       of the archiving of messages (e.g., to discuss a sensitive matter).
       If needed, please add a note at the top of the message that you 
       have dropped the address. When the discussion is concluded, 
       auth48archive@rfc-editor.org will be re-added to the CC list and 
       its addition will be noted at the top of the message. 

You may submit your changes in one of two ways:

An update to the provided XML file
— OR —
An explicit list of changes in this format

Section # (or indicate Global)

OLD:
old text

NEW:
new text

You do not need to reply with both an updated XML file and an explicit 
list of changes, as either form is sufficient.

We will ask a stream manager to review and approve any changes that seem
beyond editorial in nature, e.g., addition of new text, deletion of text, 
and technical changes.  Information about stream managers can be found in 
the FAQ.  Editorial changes do not require approval from a stream manager.


Approving for publication
--------------------------

To approve your RFC for publication, please reply to this email stating
that you approve this RFC for publication.  Please use ‘REPLY ALL’,
as all the parties CCed on this message need to see your approval.


Files 
-----

The files are available here:
  https://www.rfc-editor.org/authors/rfc9415.xml
  https://www.rfc-editor.org/authors/rfc9415.html
  https://www.rfc-editor.org/authors/rfc9415.pdf
  https://www.rfc-editor.org/authors/rfc9415.txt

Diff file of the text:
  https://www.rfc-editor.org/authors/rfc9415-diff.html
  https://www.rfc-editor.org/authors/rfc9415-rfcdiff.html (side by side)

Diff of the XML: 
  https://www.rfc-editor.org/authors/rfc9415-xmldiff1.html

The following files are provided to facilitate creation of your own 
diff files of the XML.  

Initial XMLv3 created using XMLv2 as input:
  https://www.rfc-editor.org/authors/rfc9415.original.v2v3.xml 

XMLv3 file that is a best effort to capture v3-related format updates 
only: 
  https://www.rfc-editor.org/authors/rfc9415.form.xml


Tracking progress
-----------------

The details of the AUTH48 status of your document are here:
  https://www.rfc-editor.org/auth48/rfc9415

Please let us know if you have any questions.  

Thank you for your cooperation,

RFC Editor

--------------------------------------
RFC9415 (draft-irtf-pearg-numeric-ids-history-11)

Title            : Unfortunate History of Transient Numeric Identifiers
Author(s)        : F. Gont, I. Arce