Re: Randomness of Message-ID in IMDN

Eric Burger <eburger@standardstrack.com> Fri, 16 May 2008 22:24 UTC

Please piss on me, not the other Eric.  All he was doing was reviewing  
the draft.  It's not his fault.  Please don't punish him for doing good.

It is my fault that I did not copy the response to your comments  
directly to you.  The message is here:
http://www.ietf.org/mail-archive/web/simple/current/msg07855.html

You are absolutely correct: Message-ID *is* supposed to be like RFC  
2822 Message-ID, which means that it is supposed to be globally  
unique, which means the text is underspecified and I need to fix
that.  Thanks for catching that one.

On May 15, 2008, at 2:53 PM, Eric Rescorla wrote:

> At Thu, 15 May 2008 18:37:51 +0200,
> Frank Ellermann wrote:
>>
>> Eric Rescorla wrote:
>>
>>> As I understand the situation, the sender is the only person
>>> who has to rely on the uniqueness of this header, right?
>>
>> Hi, I have not the faintest idea what you are talking about,
>> but if it is in any way related to the 2822upd concept of
>> a Message-ID "worldwide unique forever" is no nonsense as
>> soon as a Message-ID passes mail2news gateways, and/or is
>> used in an Archived-At URL.
>
> I admit that I only spent a little while examining this, so
> perhaps Eric Burger can give a more definitive answer. However,
> looking at the examples in -07, it sure looks to me like
> message ids are not intended to be globally unique forever,
> since they're way too short.
>
>
>> | The Message-ID header field contains a unique message identifier.
>> | Netnews is more dependent on message identifier uniqueness and fast
>> | comparison than Email is
>> [...]
>> | The global uniqueness requirement for <msg-id> in [RFC2822]
>> | is to be understood as applying across all protocols using
>> | such message identifiers, and across both Email and Netnews
>> | in particular.
>>
>>> (2) It is prohibitive for an attacker who has seen one or more
>>> valid Message-IDs to generate additional valid Message-IDs.
>>
>> That would match pseudo-random number, but a "worldwide unique
>> forever" Message-ID can boil down to timestamp @ domain (plus
>> magic to avoid collisions for various Message-ID generators
>> for a given domain or subdomain).
>
> I'm not sure I get the point you're trying to make here. Yes,
> if you want to have unforgeability this is a stronger requirement
> than worldwide uniqueness.
>
> -Ekr
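The distinction drawn in the thread between a "timestamp @ domain" Message-ID (globally unique) and one that an observer of earlier IDs cannot generate (unforgeable) is shown below. This is an added example, not part of the original message or of the IMDN draft; the domain, the sender-local key, the ID layout and all function names are assumptions, and the HMAC tag is one possible construction rather than anything the draft specifies.

```python
import hashlib
import hmac
import secrets
import time

DOMAIN = "example.com"            # assumed sender domain
KEY = secrets.token_bytes(32)     # assumed sender-local secret, never transmitted
_counter = 0                      # the "magic to avoid collisions" within one second


def unique_id(now=None):
    """timestamp.counter@domain: globally unique, but predictable."""
    global _counter
    _counter += 1
    ts = int(time.time() if now is None else now)
    return f"{ts}.{_counter}@{DOMAIN}"


def guess_next(seen):
    """What an observer of one timestamp-style ID can compute on their own."""
    local, domain = seen.split("@")
    ts, ctr = local.split(".")
    return f"{ts}.{int(ctr) + 1}@{domain}"


def _tag(nonce, key):
    mac = hmac.new(key, f"{nonce}@{DOMAIN}".encode(), hashlib.sha256)
    return mac.hexdigest()[:32]   # 128-bit truncated tag


def unforgeable_id(key=KEY):
    """128 random bits plus an HMAC tag: unique, and not producible without the key."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_tag(nonce, key)}@{DOMAIN}"


def issued_by_us(msg_id, key=KEY):
    """Sender-side check on a Message-ID echoed back in a notification."""
    local, at, domain = msg_id.partition("@")
    nonce, dot, tag = local.partition(".")
    if not at or not dot or domain != DOMAIN:
        return False
    return hmac.compare_digest(tag.encode(), _tag(nonce, key).encode())
```

Because the tag is recomputed from the key, the sender can validate an echoed ID without keeping a table of every ID it has issued.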