Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs
Kevin Gross <kevin.gross@avanw.com> Thu, 21 June 2012 23:09 UTC
Return-Path: <kevin.gross@avanw.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BC3921F8589 for <avt@ietfa.amsl.com>; Thu, 21 Jun 2012 16:09:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.128
X-Spam-Level:
X-Spam-Status: No, score=0.128 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BL36ol5PwnYa for <avt@ietfa.amsl.com>; Thu, 21 Jun 2012 16:09:07 -0700 (PDT)
Received: from oproxy9.bluehost.com (oproxy9.bluehost.com [IPv6:2605:dc00:100:2::a2]) by ietfa.amsl.com (Postfix) with SMTP id 1491821F85A8 for <avt@ietf.org>; Thu, 21 Jun 2012 16:09:06 -0700 (PDT)
Received: (qmail 17514 invoked by uid 0); 21 Jun 2012 23:09:06 -0000
Received: from unknown (HELO host291.hostmonster.com) (74.220.215.91) by oproxy9.bluehost.com with SMTP; 21 Jun 2012 23:09:06 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=avanw.com; s=default; h=Content-Type:Cc:To:From:Subject:Message-ID:Date:References:In-Reply-To:MIME-Version; bh=paJJMO1Bj3r44xeUKnZgS1pQ7qv9N11hMfIjgK1eoeQ=; b=NgKFFY+P4Jvz463hVaUMYQAlKIfGuAwK8M2pjxM7M8tnzYEq267UtcxqViOLRJjU08WzO062rINCNZt4Ax/ZCXOu3FQOrYPX50F++I2Wzy1CQvlU4Q/YHItaFz+P1Elp;
Received: from [74.125.82.172] (port=37771 helo=mail-we0-f172.google.com) by host291.hostmonster.com with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.76) (envelope-from <kevin.gross@avanw.com>) id 1ShqUs-00053c-3P; Thu, 21 Jun 2012 17:09:06 -0600
Received: by werb13 with SMTP id b13so912571wer.31 for <multiple recipients>; Thu, 21 Jun 2012 16:09:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.226.32 with SMTP id a32mr15190805weq.190.1340320144443; Thu, 21 Jun 2012 16:09:04 -0700 (PDT)
Received: by 10.223.144.216 with HTTP; Thu, 21 Jun 2012 16:09:04 -0700 (PDT)
In-Reply-To: <A09FD671-5818-4881-9DD9-30FC0EA3D7EE@csperkins.org>
References: <CABcZeBOGHimbibmQNOKrSEKqFRkq7Y1nWfSJJofP5eLZkJ+ULg@mail.gmail.com> <075C431A-A103-4C7E-9D4A-F80CB97DD9FB@csperkins.org> <BB321CED-DBDD-4E6F-997B-8490912F6315@iii.ca> <CABcZeBNvOJJL7YMk4jEQi5g=LbULiNob4LrxUuL-d-qO05_5PQ@mail.gmail.com> <CABkgnnUZOPygWgUQ7f4LnFEjOmQE2vA+KNic0gts3=MTHs8b8Q@mail.gmail.com> <0114FC22-FAE9-491D-8E5B-97A38F7714E7@csperkins.org> <CABcZeBMU4NNfmWRDXD30OmdvJLCSeJnQPgrkdLBFumepYsFoYg@mail.gmail.com> <A09FD671-5818-4881-9DD9-30FC0EA3D7EE@csperkins.org>
Date: Thu, 21 Jun 2012 17:09:04 -0600
Message-ID: <CALw1_Q2=4U7Fx2P5K448L2qcBjntgT_Yb4WwVEGwucE+RCj_1Q@mail.gmail.com>
From: Kevin Gross <kevin.gross@avanw.com>
To: Colin Perkins <csp@csperkins.org>
Content-Type: multipart/alternative; boundary="0016e6de17f3184a0604c3039ad2"
X-Identified-User: {1416:host291.hostmonster.com:avanwcom:avanw.com} {sentby:smtp auth 74.125.82.172 authed with kevin.gross@avanw.com}
Cc: Martin Thomson <martin.thomson@gmail.com>, rtcweb@ietf.org, avt@ietf.org, Cullen Jennings <fluffy@iii.ca>
Subject: Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jun 2012 23:09:08 -0000
It seems like, pure random CNAMEs would have the same or better probability of uniqueness compared to the hashed values specified in 6222. I don't think it is difficult to prove this if you assume the hash function does what it's designed to and makes data white. 48 is not enough bits to ensure uniqueness of a large population of random numbers. If I remember correctly, 64 bits is where the statistics start to get comfortable. See http://en.wikipedia.org/wiki/Birthday_problem. Potentially there's a bigger problem here than linkability :( Kevin Gross On Thu, Jun 21, 2012 at 4:28 PM, Colin Perkins <csp@csperkins.org> wrote: > On 21 Jun 2012, at 23:10, Eric Rescorla wrote: > > On Thu, Jun 21, 2012 at 2:54 PM, Colin Perkins <csp@csperkins.org> > wrote: > >> On 21 Jun 2012, at 20:09, Martin Thomson wrote: > >>> On 21 June 2012 05:48, Eric Rescorla <ekr@rtfm.com> wrote: > >>>> On Thu, Jun 21, 2012 at 5:39 AM, Cullen Jennings <fluffy@iii.ca> > wrote: > >>>>> I think what EKR was getting at is that if A call B in one phone > call, then day later A wants to make an anonymous call to B, B should not > be able to tell the second call is coming from same devices. I think that > was part of the goal of 6222 but from EKR's email it looks like it fails to > provide that. > >>>> > >>>> Exactly. > >>> > >>> I agree with the analysis. The idea that the same browser could be > >>> correlated across two independent sessions bothers me. Within the one > >>> "session", fine - on the contrary, mandatory. Outside of that, I'd > >>> like at least an option for anonymity. > >> > >> Using SRTP to encrypt the traffic will stop third-parties correlating > the sessions, and RTCWeb is mandates SRTP and encryption. > > > > I'm concerned about tracking by people who are second parties. > > > > Consider the case where I call you from an anonymous phone at a domestic > violence shelter. I record the CNAME and then call all the DV shelters > until I determine which one has a CNAME from the same device. > > > >> RFC 6222 does define per-session RTCP CNAME values, if you're concerned > about the called party being able to correlate sessions based on the RTCP > CNAME. We could mandate those instead of short-term persistent RTCP CNAME > values. If that's not sufficient, then someone will need to write a draft > that defines a new RTCP CNAME generation algorithm, which this draft can > refer to. > > > > The problem is that those per-session CNAME values do not appear to be > > unlinkable. I.e., they are distinct but they are generated from the same > underlying data with insufficient entropy to prevent someone who knows two > CNAMEs from determining if they are from the same device. > > > > As far as new algorithm goes, is there some reason "Random" isn't good > enoguh? > > > There's some discussion in RFC 3550 Section 6.5.1 and RFC 6222. It might > be possible to use a random choice, provided the same random value is used > across all sessions that need to be correlated, and the value is chosen to > be unique with high probability. I haven't thought about it in detail. In > any case, it's an update to RFC 3550 and RFC 6222, so someone will have to > write up the draft defining this. > > -- > Colin Perkins > http://csperkins.org/ > > > > _______________________________________________ > Audio/Video Transport Core Maintenance > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt >
- [AVTCORE] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] Randomly-generated CNAMEs Colin Perkins
- Re: [AVTCORE] Randomly-generated CNAMEs Cullen Jennings
- Re: [AVTCORE] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Colin Perkins
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Colin Perkins
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Kevin Gross
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Ali C. Begen (abegen)
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Kevin Gross
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Martin Thomson
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Justin Uberti