IETF Logo Mail Archive

Re: Randomness of Message-ID in IMDN

Eric Burger <eburger@standardstrack.com> Wed, 14 May 2008 23:02 UTC

Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9848A3A6984; Wed, 14 May 2008 16:02:33 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4D2AB3A687B; Wed, 14 May 2008 16:02:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.592
X-Spam-Level:
X-Spam-Status: No, score=-1.592 tagged_above=-999 required=5 tests=[AWL=1.007, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n9a1Z0zt0cWr; Wed, 14 May 2008 16:01:54 -0700 (PDT)
Received: from gs19.inmotionhosting.com (gs19b.inmotionhosting.com [66.117.3.189]) by core3.amsl.com (Postfix) with ESMTP id 1A4993A6811; Wed, 14 May 2008 16:01:54 -0700 (PDT)
Received: from [124.17.15.2] (port=47944 helo=[172.31.13.19]) by gs19.inmotionhosting.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.68) (envelope-from <eburger@standardstrack.com>) id 1JwPxJ-0002pi-5a; Wed, 14 May 2008 16:00:21 -0700
Message-Id: <F842670E-D194-419D-9BCF-9EFA5DFFF4DF@standardstrack.com>
From: Eric Burger <eburger@standardstrack.com>
To: Eric Rescorla <ekr@networkresonance.com>, Hisham Khartabil <hisham.khartabil@gmail.com>
In-Reply-To: <20080514172556.2819F5081A@romeo.rtfm.com>
Mime-Version: 1.0 (Apple Message framework v912)
Subject: Re: Randomness of Message-ID in IMDN
Date: Thu, 15 May 2008 07:00:20 +0800
References: <20080503211234.0377B5081A@romeo.rtfm.com> <C5B56A4A-1901-41F6-B47E-C04F51D813E6@standardstrack.com> <20080514154217.28E375081A@romeo.rtfm.com> <28AB2CB7-DE19-42B0-906C-2D900FEDFB1A@standardstrack.com> <20080514172556.2819F5081A@romeo.rtfm.com>
X-Mailer: Apple Mail (2.912)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gs19.inmotionhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - standardstrack.com
X-Source:
X-Source-Args:
X-Source-Dir:
Cc: secdir@mit.edu, ietf@ietf.org, simple@ietf.org, iesg@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

I think the proposed wording is excellent.  Unless there is objection  
(PLEASE take it to the SIMPLE list if one does, or wish to +1 it), I  
would offer we use this language exactly.

On May 15, 2008, at 1:25 AM, Eric Rescorla wrote:

> At Thu, 15 May 2008 00:25:38 +0800,
> Eric Burger wrote:
>> Thanks for your very, very quick review!  On the one open item for
>> discussion, Message-ID, I would offer (1) it is not a do-or-die
>> situation but that (2) using a cryptographically secure random number
>> generator. achieves the same result with better properties.  Again, I
>> will defer back to you: I know the work group will push back strong  
>> if
>> a cryptographically secure random number generator is a resource hog.
>>
>> Are there memory / CPU efficient cryptographically secure random
>> number generators?
>
> Yes. For instance, the NIST SP 800-90 PRNG requires order
> 256-512 bits of internal state and two hash operations for
> every hash-sized (160-512 bits) chunk of output. I would
> just use OpenSSL's cryptographically secure PRNG myself :)
>
>
>> Should we give guidance to the range of numbers
>> (i.e., 32-bits, 512-bits, 6 digits, etc.)?
>
> As I understand the situation, the sender the only person who has
> to rely on the uniqueness of this header, right?
>
>
> I would suggest instead of recommending a given number you explain
> what the issues are and why this has to be unpredictable.  Perhaps
> something like this:
>
>  Because the Message-ID is used by the sender to correlate IMDNs with
>  their respective IMs, the Message-ID MUST be selected so that:
>
>  (1) There is a minimal chance of any two Message-IDs accidentally
>  colliding within the time period within which an IMDN might be
>  received.
>
>  (2) It is prohibitive for an attacker who has seen one or more valid
>  Message-IDs to generate additional valid Message-IDs.
>
>  The first requirement is a correctness requirement to ensure correct
>  matching. The second requirement prevents off-path attackers from
>  forging IMDNs. In order to meet both of these requirements, it is
>  RECOMMENDED that Message-IDs be generated using a cryptographically
>  secure pseudorandom number generator (see [RFC 4086] and contain at
>  least 64 bits of randomness, thus reducing the chance of a
>  successful guessing attack to n/2^64, where n is the number of
>  outstanding valid messages. Another potential approach is to combine
>  a sequence number (providing uniqueness) with a cryptographic MAC
>  for unforgeability.
>
> Cheers,
> -Ekr
>
>
>
>

_______________________________________________
IETF mailing list
IETF@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email