Re: Randomness of Message-ID in IMDN
Eric Burger <eburger@standardstrack.com> Wed, 14 May 2008 23:02 UTC
Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9848A3A6984; Wed, 14 May 2008 16:02:33 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4D2AB3A687B; Wed, 14 May 2008 16:02:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.592
X-Spam-Level:
X-Spam-Status: No, score=-1.592 tagged_above=-999 required=5 tests=[AWL=1.007, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n9a1Z0zt0cWr; Wed, 14 May 2008 16:01:54 -0700 (PDT)
Received: from gs19.inmotionhosting.com (gs19b.inmotionhosting.com [66.117.3.189]) by core3.amsl.com (Postfix) with ESMTP id 1A4993A6811; Wed, 14 May 2008 16:01:54 -0700 (PDT)
Received: from [124.17.15.2] (port=47944 helo=[172.31.13.19]) by gs19.inmotionhosting.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.68) (envelope-from <eburger@standardstrack.com>) id 1JwPxJ-0002pi-5a; Wed, 14 May 2008 16:00:21 -0700
Message-Id: <F842670E-D194-419D-9BCF-9EFA5DFFF4DF@standardstrack.com>
From: Eric Burger <eburger@standardstrack.com>
To: Eric Rescorla <ekr@networkresonance.com>, Hisham Khartabil <hisham.khartabil@gmail.com>
In-Reply-To: <20080514172556.2819F5081A@romeo.rtfm.com>
Mime-Version: 1.0 (Apple Message framework v912)
Subject: Re: Randomness of Message-ID in IMDN
Date: Thu, 15 May 2008 07:00:20 +0800
References: <20080503211234.0377B5081A@romeo.rtfm.com> <C5B56A4A-1901-41F6-B47E-C04F51D813E6@standardstrack.com> <20080514154217.28E375081A@romeo.rtfm.com> <28AB2CB7-DE19-42B0-906C-2D900FEDFB1A@standardstrack.com> <20080514172556.2819F5081A@romeo.rtfm.com>
X-Mailer: Apple Mail (2.912)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gs19.inmotionhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - standardstrack.com
X-Source:
X-Source-Args:
X-Source-Dir:
Cc: secdir@mit.edu, ietf@ietf.org, simple@ietf.org, iesg@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
I think the proposed wording is excellent. Unless there is objection (PLEASE take it to the SIMPLE list if one does, or wish to +1 it), I would offer we use this language exactly. On May 15, 2008, at 1:25 AM, Eric Rescorla wrote: > At Thu, 15 May 2008 00:25:38 +0800, > Eric Burger wrote: >> Thanks for your very, very quick review! On the one open item for >> discussion, Message-ID, I would offer (1) it is not a do-or-die >> situation but that (2) using a cryptographically secure random number >> generator. achieves the same result with better properties. Again, I >> will defer back to you: I know the work group will push back strong >> if >> a cryptographically secure random number generator is a resource hog. >> >> Are there memory / CPU efficient cryptographically secure random >> number generators? > > Yes. For instance, the NIST SP 800-90 PRNG requires order > 256-512 bits of internal state and two hash operations for > every hash-sized (160-512 bits) chunk of output. I would > just use OpenSSL's cryptographically secure PRNG myself :) > > >> Should we give guidance to the range of numbers >> (i.e., 32-bits, 512-bits, 6 digits, etc.)? > > As I understand the situation, the sender the only person who has > to rely on the uniqueness of this header, right? > > > I would suggest instead of recommending a given number you explain > what the issues are and why this has to be unpredictable. Perhaps > something like this: > > Because the Message-ID is used by the sender to correlate IMDNs with > their respective IMs, the Message-ID MUST be selected so that: > > (1) There is a minimal chance of any two Message-IDs accidentally > colliding within the time period within which an IMDN might be > received. > > (2) It is prohibitive for an attacker who has seen one or more valid > Message-IDs to generate additional valid Message-IDs. > > The first requirement is a correctness requirement to ensure correct > matching. The second requirement prevents off-path attackers from > forging IMDNs. In order to meet both of these requirements, it is > RECOMMENDED that Message-IDs be generated using a cryptographically > secure pseudorandom number generator (see [RFC 4086] and contain at > least 64 bits of randomness, thus reducing the chance of a > successful guessing attack to n/2^64, where n is the number of > outstanding valid messages. Another potential approach is to combine > a sequence number (providing uniqueness) with a cryptographic MAC > for unforgeability. > > Cheers, > -Ekr > > > > _______________________________________________ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
- Re-review of draft-ietf-simple-imdn Eric Rescorla
- Re: Re-review of draft-ietf-simple-imdn Eric Burger
- Re: Re-review of draft-ietf-simple-imdn Eric Rescorla
- Randomness of Message-ID in IMDN Eric Burger
- Re: Randomness of Message-ID in IMDN Eric Rescorla
- Re: Randomness of Message-ID in IMDN Eric Burger
- Re: Randomness of Message-ID in IMDN Frank Ellermann
- Re: Re-review of draft-ietf-simple-imdn Frank Ellermann
- Re: Randomness of Message-ID in IMDN Eric Rescorla
- Re: Randomness of Message-ID in IMDN Frank Ellermann
- Re: Randomness of Message-ID in IMDN Eric Burger