Re: Randomness of Message-ID in IMDN

"Frank Ellermann" <nobody@xyzzy.claranet.de> Thu, 15 May 2008 18:05 UTC

To: ietf@ietf.org
From: Frank Ellermann <nobody@xyzzy.claranet.de>
Subject: Re: Randomness of Message-ID in IMDN
Date: Thu, 15 May 2008 18:37:51 +0200

Eric Rescorla wrote:

> As I understand the situation, the sender is the only person
> who has to rely on the uniqueness of this header, right?

Hi, I have not the faintest idea what you are talking about,
but if it is in any way related to the 2822upd concept of
a Message-ID, "worldwide unique forever" is no nonsense as
soon as a Message-ID passes mail2news gateways, and/or is
used in an Archived-At URL.

> the Message-ID MUST be selected so that:
   
> (1) There is a minimal chance of any two Message-IDs accidentally
> colliding within the time period within which an IMDN might be
> received.

That is apparently the definition for some UUID versions, but
not for a Message-ID as specified in RFC.ietf-usefor-usefor:

| The Message-ID header field contains a unique message identifier.
| Netnews is more dependent on message identifier uniqueness and fast
| comparison than Email is
[...]
| The global uniqueness requirement for <msg-id> in [RFC2822]
| is to be understood as applying across all protocols using
| such message identifiers, and across both Email and Netnews
| in particular.

> (2) It is prohibitive for an attacker who has seen one or more
> valid Message-IDs to generate additional valid Message-IDs.

That would match a pseudo-random number, but a "worldwide unique
forever" Message-ID can boil down to timestamp @ domain (plus
magic to avoid collisions for various Message-ID generators
for a given domain or subdomain).
 
> it is RECOMMENDED that Message-IDs be generated using a
> cryptographically secure pseudorandom number generator

Please get the terminology right as first priority, what you
are talking about is apparently *NOT* a 2822upd Message-ID
as used in mail, news, APOP, and CRAM-MD5.

 Frank
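
The distinction argued above, as an added example that is not part of the original message: a timestamp @ domain Message-ID can be unique without meeting quoted requirement (2), while a local part drawn from a CSPRNG gives nothing to derive from an observed ID. The domain, the exact ID layout and all function names are assumptions made for illustration.

```python
import re
import secrets

DOMAIN = "mail.example"  # constructed domain, not taken from the thread


def timestamp_msgid(epoch_seconds, counter=0, domain=DOMAIN):
    """Uniqueness-only ID: timestamp plus a per-second counter, @ domain.

    The counter stands in for the "magic" that keeps several generators
    on one domain from colliding (assumed layout).
    """
    return f"<{epoch_seconds}.{counter}@{domain}>"


def random_msgid(domain=DOMAIN, nbytes=16):
    """ID whose local part is nbytes of output from the OS CSPRNG."""
    return f"<{secrets.token_hex(nbytes)}@{domain}>"


def derivable_ids(observed, seconds_ahead, max_counter=0):
    """Return every ID that follows from one observed timestamp-style ID.

    A receiver that treats "ID looks valid" as evidence of origin can use
    this to see how small the candidate set is. An ID without the
    timestamp.counter structure yields an empty set.
    """
    m = re.fullmatch(r"<(\d+)\.(\d+)@([^>]+)>", observed)
    if not m:
        return set()
    start, domain = int(m.group(1)), m.group(3)
    return {
        timestamp_msgid(start + dt, c, domain)
        for dt in range(seconds_ahead + 1)
        for c in range(max_counter + 1)
    }


if __name__ == "__main__":
    seen = timestamp_msgid(1210869471)        # constructed timestamp
    later = timestamp_msgid(1210869471 + 90)  # sent 90 seconds afterwards
    window = derivable_ids(seen, 120)
    print(len(window), later in window)
    print(derivable_ids(random_msgid(), 120))
```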
