Re: Randomness of Message-ID in IMDN
Eric Rescorla <ekr@networkresonance.com> Thu, 15 May 2008 18:50 UTC
Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 64C3C3A6972; Thu, 15 May 2008 11:50:05 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6D99A3A6972; Thu, 15 May 2008 11:50:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.983
X-Spam-Level:
X-Spam-Status: No, score=-1.983 tagged_above=-999 required=5 tests=[AWL=0.616, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hMh3ReGFe-De; Thu, 15 May 2008 11:50:02 -0700 (PDT)
Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by core3.amsl.com (Postfix) with ESMTP id B46473A6895; Thu, 15 May 2008 11:50:02 -0700 (PDT)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 6BA8F5081A; Thu, 15 May 2008 11:53:34 -0700 (PDT)
Date: Thu, 15 May 2008 11:53:34 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com>
Subject: Re: Randomness of Message-ID in IMDN
In-Reply-To: <g0hor4$frm$2@ger.gmane.org>
References: <20080503211234.0377B5081A@romeo.rtfm.com> <C5B56A4A-1901-41F6-B47E-C04F51D813E6@standardstrack.com> <20080514154217.28E375081A@romeo.rtfm.com> <28AB2CB7-DE19-42B0-906C-2D900FEDFB1A@standardstrack.com> <20080514172556.2819F5081A@romeo.rtfm.com> <g0hor4$frm$2@ger.gmane.org>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20080515185334.6BA8F5081A@romeo.rtfm.com>
Cc: ietf@ietf.org, simple@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
At Thu, 15 May 2008 18:37:51 +0200, Frank Ellermann wrote: > > Eric Rescorla wrote: > > > As I understand the situation, the sender the only person > > who has to rely on the uniqueness of this header, right? > > Hi, I have not the faintest idea what you are talking about, > but if it is in any way related to the 2822upd concept of > a Message-ID "worldwide unique forever" is no nonsense as > soon as a Message-ID passes mail2news gateways, and/or is > used in an Archived-At URL. I admit that I only spent a little while examining this, so perhaps Eric Burger can give a more definitive answer. However, looking at the examples in -07, it sure looks to me like message ids are not intended to be globally unique forever, since, since they're way too short. > | The Message-ID header field contains a unique message identifier. > | Netnews is more dependent on message identifier uniqueness and fast > | comparison than Email is > [...] > | The global uniqueness requirement for <msg-id> in [RFC2822] > | is to be understood as applying across all protocols using > | such message identifiers, and across both Email and Netnews > | in particular. > > > (2) It is prohibitive for an attacker who has seen one or more > > valid Message-IDs to generate additional valid Message-IDs. > > That would match pseudo-random number, but a "worldwide unique > forever" Message-ID can boil down to timestamp @ domain (plus > magic to avoid collisions for various Message-ID generators > for a given domain or subdomain). I'm not sure I get the point you're trying to make here. Yes, if you want to have unforgeability this is a stronger requirement than worldwide uniquness. -Ekr _______________________________________________ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
- Re-review of draft-ietf-simple-imdn Eric Rescorla
- Re: Re-review of draft-ietf-simple-imdn Eric Burger
- Re: Re-review of draft-ietf-simple-imdn Eric Rescorla
- Randomness of Message-ID in IMDN Eric Burger
- Re: Randomness of Message-ID in IMDN Eric Rescorla
- Re: Randomness of Message-ID in IMDN Eric Burger
- Re: Randomness of Message-ID in IMDN Frank Ellermann
- Re: Re-review of draft-ietf-simple-imdn Frank Ellermann
- Re: Randomness of Message-ID in IMDN Eric Rescorla
- Re: Randomness of Message-ID in IMDN Frank Ellermann
- Re: Randomness of Message-ID in IMDN Eric Burger