Re: Randomness of Message-ID in IMDN
Eric Rescorla <ekr@networkresonance.com> Wed, 14 May 2008 17:23 UTC
Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3298B3A6986; Wed, 14 May 2008 10:23:45 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D3CCF3A686E; Wed, 14 May 2008 10:23:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.871
X-Spam-Level:
X-Spam-Status: No, score=-1.871 tagged_above=-999 required=5 tests=[AWL=0.728, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mRGMHaF5l225; Wed, 14 May 2008 10:23:38 -0700 (PDT)
Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by core3.amsl.com (Postfix) with ESMTP id 08E083A6813; Wed, 14 May 2008 10:23:38 -0700 (PDT)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 2819F5081A; Wed, 14 May 2008 10:25:56 -0700 (PDT)
Date: Wed, 14 May 2008 10:25:56 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Eric Burger <eburger@standardstrack.com>
Subject: Re: Randomness of Message-ID in IMDN
In-Reply-To: <28AB2CB7-DE19-42B0-906C-2D900FEDFB1A@standardstrack.com>
References: <20080503211234.0377B5081A@romeo.rtfm.com> <C5B56A4A-1901-41F6-B47E-C04F51D813E6@standardstrack.com> <20080514154217.28E375081A@romeo.rtfm.com> <28AB2CB7-DE19-42B0-906C-2D900FEDFB1A@standardstrack.com>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20080514172556.2819F5081A@romeo.rtfm.com>
Cc: iesg@ietf.org, secdir@mit.edu, ietf@ietf.org, simple@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
At Thu, 15 May 2008 00:25:38 +0800, Eric Burger wrote: > Thanks for your very, very quick review! On the one open item for > discussion, Message-ID, I would offer (1) it is not a do-or-die > situation but that (2) using a cryptographically secure random number > generator. achieves the same result with better properties. Again, I > will defer back to you: I know the work group will push back strong if > a cryptographically secure random number generator is a resource hog. > > Are there memory / CPU efficient cryptographically secure random > number generators? Yes. For instance, the NIST SP 800-90 PRNG requires order 256-512 bits of internal state and two hash operations for every hash-sized (160-512 bits) chunk of output. I would just use OpenSSL's cryptographically secure PRNG myself :) > Should we give guidance to the range of numbers > (i.e., 32-bits, 512-bits, 6 digits, etc.)? As I understand the situation, the sender the only person who has to rely on the uniqueness of this header, right? I would suggest instead of recommending a given number you explain what the issues are and why this has to be unpredictable. Perhaps something like this: Because the Message-ID is used by the sender to correlate IMDNs with their respective IMs, the Message-ID MUST be selected so that: (1) There is a minimal chance of any two Message-IDs accidentally colliding within the time period within which an IMDN might be received. (2) It is prohibitive for an attacker who has seen one or more valid Message-IDs to generate additional valid Message-IDs. The first requirement is a correctness requirement to ensure correct matching. The second requirement prevents off-path attackers from forging IMDNs. In order to meet both of these requirements, it is RECOMMENDED that Message-IDs be generated using a cryptographically secure pseudorandom number generator (see [RFC 4086] and contain at least 64 bits of randomness, thus reducing the chance of a successful guessing attack to n/2^64, where n is the number of outstanding valid messages. Another potential approach is to combine a sequence number (providing uniqueness) with a cryptographic MAC for unforgeability. Cheers, -Ekr _______________________________________________ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
- Re-review of draft-ietf-simple-imdn Eric Rescorla
- Re: Re-review of draft-ietf-simple-imdn Eric Burger
- Re: Re-review of draft-ietf-simple-imdn Eric Rescorla
- Randomness of Message-ID in IMDN Eric Burger
- Re: Randomness of Message-ID in IMDN Eric Rescorla
- Re: Randomness of Message-ID in IMDN Eric Burger
- Re: Randomness of Message-ID in IMDN Frank Ellermann
- Re: Re-review of draft-ietf-simple-imdn Frank Ellermann
- Re: Randomness of Message-ID in IMDN Eric Rescorla
- Re: Randomness of Message-ID in IMDN Frank Ellermann
- Re: Randomness of Message-ID in IMDN Eric Burger