Re: [hybi] "fresh" and "uniformly at random":
Adam Barth <ietf@adambarth.com> Sat, 18 June 2011 06:27 UTC
Return-Path: <ietf@adambarth.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2C9E11E811E for <hybi@ietfa.amsl.com>; Fri, 17 Jun 2011 23:27:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.295
X-Spam-Level:
X-Spam-Status: No, score=-3.295 tagged_above=-999 required=5 tests=[AWL=-0.318, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tlM0oaNL4p6v for <hybi@ietfa.amsl.com>; Fri, 17 Jun 2011 23:27:58 -0700 (PDT)
Received: from mail-gw0-f44.google.com (mail-gw0-f44.google.com [74.125.83.44]) by ietfa.amsl.com (Postfix) with ESMTP id ED4C011E807C for <hybi@ietf.org>; Fri, 17 Jun 2011 23:27:57 -0700 (PDT)
Received: by gwb20 with SMTP id 20so123460gwb.31 for <hybi@ietf.org>; Fri, 17 Jun 2011 23:27:57 -0700 (PDT)
Received: by 10.236.154.4 with SMTP id g4mr2054785yhk.127.1308378476946; Fri, 17 Jun 2011 23:27:56 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by mx.google.com with ESMTPS id i6sm3352068anm.51.2011.06.17.23.27.55 (version=SSLv3 cipher=OTHER); Fri, 17 Jun 2011 23:27:55 -0700 (PDT)
Received: by yxt33 with SMTP id 33so2586275yxt.31 for <hybi@ietf.org>; Fri, 17 Jun 2011 23:27:55 -0700 (PDT)
Received: by 10.90.249.28 with SMTP id w28mr3504183agh.40.1308378475134; Fri, 17 Jun 2011 23:27:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.90.65.13 with HTTP; Fri, 17 Jun 2011 23:27:25 -0700 (PDT)
In-Reply-To: <000401cc2cf3$106d37d0$3147a770$@noemax.com>
References: <000401cc2cf3$106d37d0$3147a770$@noemax.com>
From: Adam Barth <ietf@adambarth.com>
Date: Fri, 17 Jun 2011 23:27:25 -0700
Message-ID: <BANLkTim_-kytRUdG-X51fFZY+Gj4mcypnQ@mail.gmail.com>
To: Arman Djusupov <arman@noemax.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: hybi@ietf.org
Subject: Re: [hybi] "fresh" and "uniformly at random":
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jun 2011 06:27:58 -0000
The term "fresh" is a term of art in cryptography. It means, roughly, "not used previously." The term "uniformly at random" means draw from the uniform random distribution over the set of all 32-bit sequences. Both qualifications are necessary for this purpose. Adam On Fri, Jun 17, 2011 at 6:32 AM, Arman Djusupov <arman@noemax.com> wrote: > Hello, > > Reading carefully the following paragraph I was left wondering what is exactly meant by the use of "fresh" and "uniformly at random": > > "When preparing a masked frame, the client MUST pick a fresh masking key uniformly at random from the set of allowed 32-bit values. The unpredictability of the masking key is essential to prevent the author of malicious applications from selecting the bytes that appear on the wire." > > Could we use a term other than "fresh" and also clarify what "uniformly at random" means? This is a "MUST" section so it should be absolutely clear and proper in its wording. As it has now it seems to possibly be a bit vulnerable to being read in "uniformly at random" ways and open to a "fresh" interpretation by each implementor :) > > With best regards, > Arman > >> -----Original Message----- >> From: hybi-bounces@ietf.org [mailto:hybi-bounces@ietf.org] On Behalf Of >> Peter Saint-Andre >> Sent: Friday, June 17, 2011 2:49 AM >> To: hybi@ietf.org >> Subject: [hybi] -09: sending, closing, errors, extensions >> >> More comments... >> >> Section 6.1 states: >> >> 5. If the data is being sent by the client, the frame(s) MUST be >> masked as defined in Section 4.3. >> >> Section 6.2 states: >> >> Data frames received by a server from a client MUST be unmasked as >> described in Section 4.3. >> >> The word "unmasked" makes it sound like this contradicts the text in Section >> 6.1 -- as in, "must not be masked" as opposed to "the server shall remove >> the masking applied by the client". >> >> In Section 7, the text about the close /reason/ makes it sound as if an >> application might choose to show UTF-8 encoded data to an end user. That >> might lead the reader to think that language tagging might be necessary. >> Is it? >> >> In Section 8.2, there is no deterministic server behavior upon receiving data >> that is not valid UTF-8. Why? What use cases would motivate accepting such >> data instead of just closing the connection? >> >> Section 9.1 says: >> >> Any extension-token used MUST either be a registered token >> (registration TBD), or have a prefix of "x-" to indicate a private- >> use token. >> >> It's probably not a good idea to have "registration TBD" in a document that is >> going for IETF Last Call. :) Presumably a forward pointer to Section 11.6 would >> suffice. >> >> Do we really want to encourage use of "x-"? See here for relevant >> considerations (I plan to submit an updated version soon): >> >> http://tools.ietf.org/id/draft-saintandre-xdash-considered-harmful-01.txt >> >> Peter >> >> -- >> Peter Saint-Andre >> https://stpeter.im/ >> >> > > > _______________________________________________ > hybi mailing list > hybi@ietf.org > https://www.ietf.org/mailman/listinfo/hybi >
- [hybi] "fresh" and "uniformly at random": Arman Djusupov
- Re: [hybi] "fresh" and "uniformly at random": Adam Barth
- Re: [hybi] "fresh" and "uniformly at random": Denis Lagno
- Re: [hybi] "fresh" and "uniformly at random": Adam Barth
- Re: [hybi] "fresh" and "uniformly at random": Denis Lagno
- Re: [hybi] "fresh" and "uniformly at random": Adam Barth
- Re: [hybi] "fresh" and "uniformly at random": Denis Lagno
- Re: [hybi] "fresh" and "uniformly at random": Adam Barth
- Re: [hybi] "fresh" and "uniformly at random": Arman Djusupov