Re: [core] Possible false-duplicate detection

Carsten Bormann <cabo@tzi.org> Fri, 21 September 2012 12:56 UTC

From: Carsten Bormann <cabo@tzi.org>
Date: Fri, 21 Sep 2012 14:56:23 +0200
To: Maciej Wasilak <wasilak@gmail.com>
Cc: core WG <core@ietf.org>
Subject: Re: [core] Possible false-duplicate detection

Hi Maciej,

yes, that risk is intrinsic in randomly generating message-IDs.
Section 4.4.2.3 of draft-ietf-lwig-guidance-02.txt contains some recommendations on choosing message-IDs.

If you do need to go random for some reason (e.g., no memory for keeping per-peer counters even for EXCHANGE_LIFETIME), you could randomize the source port (and, possibly, even the source IP address) as well, turning the probability of a false positive from 1e-5 to 1e-9.  By choosing a different token, you can detect the false positive with very high probability, but (for POST) I haven't really thought about recovery strategies that would fully maintain "at-most-once" semantics.
In many cases with very simple clients (which only ever send one kind of request), the damage may just be a lost update (if this is for POST), or simply getting a copy of old data (if this is for GET and the server does buffer the old response, which many don't).

Regards, Carsten
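As an added illustration (not part of this thread, and not code from any CoAP implementation), the following Python model shows the two points above: how widening the deduplication key (random source port next to the 16-bit Message ID) shrinks the false-duplicate probability, and how a server that keys its duplicate cache on (endpoint, Message ID) and buffers the earlier response will silently drop a second request whose random Message ID collides, which the client can detect only because its token differs. The endpoint tuples, the `DedupServer` class and the response shape are constructed for this example.

```python
MID_SPACE = 1 << 16   # CoAP Message ID is 16 bits
PORT_SPACE = 1 << 16  # UDP source port is also 16 bits

def false_dup_probability(outstanding, randomize_port=False):
    """Probability that a freshly drawn random Message ID collides with one of
    `outstanding` IDs the server still remembers for this endpoint (i.e. sent
    within EXCHANGE_LIFETIME).  Randomizing the source port multiplies the
    (endpoint, MID) key space the server deduplicates on by 2**16."""
    space = MID_SPACE * (PORT_SPACE if randomize_port else 1)
    return outstanding / space

class DedupServer:
    """Toy server: duplicate detection keyed on (source endpoint, Message ID),
    keeping the original response so a retransmission gets the same reply.
    This is the behaviour that turns a random-MID collision into a silently
    dropped request (a lost update for POST)."""
    def __init__(self):
        self.seen = {}      # (endpoint, mid) -> buffered response
        self.processed = 0  # how many requests actually reached the resource

    def receive(self, endpoint, mid, token):
        key = (endpoint, mid)
        if key in self.seen:
            # Same endpoint and MID as a remembered message: treated as a
            # duplicate, the buffered response is replayed, nothing executes.
            return self.seen[key]
        self.processed += 1
        resp = ("2.04", token, "state-%d" % self.processed)  # (code, token, payload)
        self.seen[key] = resp
        return resp

def client_exchange(server, endpoint, mid, token):
    """Send one request and classify the reply.  A genuine retransmission
    carries the same token, so its replayed reply still matches; a reply
    carrying an older token reveals a false duplicate."""
    resp = server.receive(endpoint, mid, token)
    return "ok" if resp[1] == token else "false-duplicate"

if __name__ == "__main__":
    srv = DedupServer()
    ep = ("2001:db8::1", 5683)  # constructed endpoint: (address, source port)
    print(client_exchange(srv, ep, 0x1234, b"\x01"))  # first request, processed
    print(client_exchange(srv, ep, 0x1234, b"\x01"))  # retransmission, fine
    print(client_exchange(srv, ep, 0x1234, b"\x02"))  # colliding random MID
    print("random MID only:", false_dup_probability(1))
    print("MID + random port:", false_dup_probability(1, randomize_port=True))
```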