Security and Privacy Implications of Numeric Identifiers Employed in Network Protocols (Fwd: New Version Notification for draft-gont-predictable-numeric-ids-00.txt)

Fernando Gont <fgont@si6networks.com> Fri, 05 February 2016 18:05 UTC

To: "'ietf@ietf.org'" <ietf@ietf.org>

Folks,

We have published a new IETF I-D entitled "Security and Privacy
Implications of Numeric Identifiers Employed in Network Protocols".

It sheds light on the security and privacy implications of predictable
numeric identifiers, which have affected (and still affect) several IETF
protocols for ages, and that in some cases (such as IPv6 IIDs) can be
leveraged for pervasive monitoring.

The I-D is available here:
<https://www.ietf.org/internet-drafts/draft-gont-predictable-numeric-ids-00.txt>

For the time being, at least, we expect discussion to happen on the SAAG
mailing-list (<saag@ietf.org>).

Your feedback will be appreciated.

Thanks!

Best regards,
Fernando




-------- Forwarded Message --------
Subject: New Version Notification for
draft-gont-predictable-numeric-ids-00.txt
Date: Thu, 04 Feb 2016 08:29:45 -0800
From: internet-drafts@ietf.org
To: Ivan Arce <stic@fundacionsadosky.org.ar>, Fernando Gont
<fgont@si6networks.com>


A new version of I-D, draft-gont-predictable-numeric-ids-00.txt
has been successfully submitted by Fernando Gont and posted to the
IETF repository.

Name:		draft-gont-predictable-numeric-ids
Revision:	00
Title:		Security and Privacy Implications of Numeric Identifiers
Employed in Network Protocols
Document date:	2016-02-04
Group:		Individual Submission
Pages:		32
URL:
https://www.ietf.org/internet-drafts/draft-gont-predictable-numeric-ids-00.txt
Status:
https://datatracker.ietf.org/doc/draft-gont-predictable-numeric-ids/
Htmlized:
https://tools.ietf.org/html/draft-gont-predictable-numeric-ids-00


Abstract:
   This document performs an analysis of the security and privacy
   implications of different types of "numeric identifiers" used in IETF
   protocols, and tries to categorize them based on their
   interoperability requirements and the associated failure severity when
   such requirements are not met.  It describes a number of algorithms
   that have been employed in real implementations to meet such
   requirements and analyzes their security and privacy properties.
   Additionally, it provides advice on possible algorithms that could be
   employed to satisfy the interoperability requirements of each
   identifier type, while minimizing the security and privacy
   implications, thus providing guidance to protocol designers and
   protocol implementers.  Finally, it provides recommendations for
   future protocol specifications regarding the specification of the
   aforementioned numeric identifiers.





Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat