Re: 'monotonic increasing'

["Tom.Petch" <sisyphus@dial.pipex.com>]

Elwyn

To be more concrete, I have some 1800 RFC readily available and find monotonic
in 54 of them from RFC677 (1975) to RFC4303.

Plucking a few at random, RFC3412 (SNMP) suggests that monotonic increasing
would avoid reuse while RFC2406 (IPsec) suggests monotonic increasing can be
used in the context of replay attacks.  (I accept that in the latter, as in many
cases, understanding the context, the whole document or set of RFC, does imply
that the sequence should be strictly increasing).  RFC2679 (IPPM) is more
mathematical in its approach, where I would expect the term to be informed by
its use in mathematical textbooks, but it appears not to be

Tom Petch

----- Original Message -----
From: "Elwyn Davies" <elwynd@dial.pipex.com>
To: "Tom.Petch" <sisyphus@dial.pipex.com>
Cc: "ietf" <ietf@ietf.org>
Sent: Friday, February 17, 2006 8:19 PM
Subject: Re: 'monotonic increasing'


> Hi.
>
> Tom.Petch wrote:
> > The phrase 'monotonic increasing' seems to be a Humpty-Dumpty one, used with
a
> > different sense within RFC to that which I see defined elsewhere; and this
> > could lead to a reduction in security.
> >
> > Elsewhere - dictionaries, encyclopaedia, text books -  I see it
> > defined so that when applied to a sequence of numbers, then each number is
not
> > less than its predecessor, so that
> > 1 1 1 1 1 1 1 1 1 1
> > 1 1 2 3 5 8 13
> > 1 2.71828 3.14159 4.18 42
> > are all monotonic increasing sequences whereas
> > 1 2 3 4 5 6 7 9 8 10
> > is not.
> >
> On the definition of monotonic increasing: I just checked my memory with
> my copy of Apostol (Mathematical Analysis, vintage 1968 or so) and
> monotonic increasing implies element (n+1) greater than or equal to
> element n for all n.  'Strictly monotonic increasing' implies greater
> than.  On line
> http://www-history.mcs.st-and.ac.uk/~john/analysis/Lectures/L8.html
> confirms this.
> > Within RFC, mostly those related to security or network management, the
context
> > of its use implies, in addition, one or more of
> > a) each number in the sequence is different (as in number used once)
> > b) each number is an integer
> > c) each number is one greater than its predecessor (as in message
sequencing) .
> >
> > Most likely, an implementation that conforms to the rest of the world
definition
> > would interwork with one that conforms to the RFC one, but with some loss of
> > security, since numbers that are intended to be used only once could be
reused.
> >
> > Q1) Can anyone point me to an authoritative source that endorses the RFC
usage?
> >
> > Q2) Even so, since the  rest of the world usage seems to be so widely
defined,
> > should we change our terminology, eg specifying seqences to be strictly
> > increasing when that is what is needed?
> >
> >
> I just did a full text search of all the RFCs using the zvon repository
> which covers up to RFC3999.  the fragment 'monotonic' (including
> 'monotonically') appears in RFCs 1323, 1379, 1644, 1889, 2326, 2681,
> 3571 and 3550.  All these cases (either about timestamps or TCP sequence
> numbers)  appear to use monotonically increasing in line with the
> mathematical definition although it is possible that a couple of them
> (e.g., RFC3571, s4) ought to use strictly monotonic, although the usage
> is clear from the additional words.
>
> In many cases the phraseology is explicitly used because the sequence
> (of tiimestamps used, for example)  does not have every possible integer
> represented.
>
> Do you have a concrete example of your problem?
>
> Regards,
> Elwyn
> >  Tom Petch
> >
> >
> > _______________________________________________
> > Ietf mailing list
> > Ietf@ietf.org
> > https://www1.ietf.org/mailman/listinfo/ietf
> >


_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf