IETF Logo Mail Archive

Re: Pseudorandom Flow Labels

Fernando Gont <fernando@gont.com.ar> Wed, 06 April 2011 18:20 UTC

Return-Path: <fernando.gont.netbook.win@gmail.com>
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 96C0C28C101 for <ipv6@core3.amsl.com>; Wed, 6 Apr 2011 11:20:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NGs8PP6KFH9G for <ipv6@core3.amsl.com>; Wed, 6 Apr 2011 11:20:32 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by core3.amsl.com (Postfix) with ESMTP id 4AACD28C106 for <ipv6@ietf.org>; Wed, 6 Apr 2011 11:20:32 -0700 (PDT)
Received: by ywi6 with SMTP id 6so807442ywi.31 for <ipv6@ietf.org>; Wed, 06 Apr 2011 11:22:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:sender:message-id:date:from:user-agent :mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=6HsPU3d3c3KYDPEEqIPNCX2ykG0FQQFEkzrvtUlOjcM=; b=GgrWch572fvdQybcRRz5k4JZhq5fA6AEknetU7wLEJbWwP+LAjbSBUvzTrQIJvcvQw TDi+TN3u8s6GuhtYlPAhg+7tr50gyqXRrEHG8B5XbTa0ZNqM0+HaqHk2ypljcp44ztIv sVgePnEfxBRPQcRLNbVNq/RnIuYp+AjOtEYqc=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=OnJNuevieOOW0fOKQhjf8DY/MJwU3VgMIWG3BkVx1prBY5U4/N1Qm6iDlqQYBZo+K6 D0waOGTKYSFniPAKX8/wf3mjM2wqCV1kkILIZGgNUkbqpayjo0FWuFZkou0McxiY73X6 76S8JBkYD37KSApwT4eHGvJfo4PGbapqlc9Sk=
Received: by 10.150.193.10 with SMTP id q10mr2092890ybf.413.1302114136038; Wed, 06 Apr 2011 11:22:16 -0700 (PDT)
Received: from [192.168.123.101] ([190.48.201.131]) by mx.google.com with ESMTPS id p33sm803648ybk.2.2011.04.06.11.22.13 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 06 Apr 2011 11:22:15 -0700 (PDT)
Sender: Fernando Gont <fernando.gont.netbook.win@gmail.com>
Message-ID: <4D9CAF52.9050805@gont.com.ar>
Date: Wed, 06 Apr 2011 15:22:10 -0300
From: Fernando Gont <fernando@gont.com.ar>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2
MIME-Version: 1.0
To: Thomas Narten <narten@us.ibm.com>
Subject: Re: Pseudorandom Flow Labels
References: <BD901061-96AC-4915-B7CE-2BC1F70861A5@castlepoint.net> <201104052036.p35KaoHV019253@cichlid.raleigh.ibm.com>
In-Reply-To: <201104052036.p35KaoHV019253@cichlid.raleigh.ibm.com>
X-Enigmail-Version: 1.1.1
OpenPGP: id=D076FFF1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: 6man List <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Apr 2011 18:20:33 -0000

Thomas,

On 05/04/2011 05:36 p.m., Thomas Narten wrote:
> Case in point about how we are being *extremely* loose in using the
> term "pseudo random".
[....]
> Part of my objection to the term "pseudo random" is that the term has
> not been defined within the context of the Flow Label.

You raise a very good point, indeed. For instance, when we talk about
e.g. "port randomization", we're really talking about "producing port
numbers that are unpredictable by off-path attackers".

To make this terminology issue worse, it has been argued a few times (by
some mathematician IETFers) that the properties that we need for the
"hash" functions in the hash-based algorithms are really that of PRFs
(Pseudo Random Functions) (i.e., hash functions being a specific example).

In summary, I agree with the terminology issue that you've raised. I'd
probably argue that the best way to go is to specify which properties we
want for Flow Labels, such as they have been specified for port numbers
in RFC 6056. Namely:

* We want Flow Labels that unpredictable by off-path attackers (history
has taught us that this is a good proactive measure)
* We want an algorithm for generating FL that produces FLs that do not
repeat with a high frequency (i.e., they are distributed normally)

One possible algorithm for achieving these properties is calling a
random()-like function. But there are others, such as the hash-based
algorithms specified in draft-gont-6man-flowlabel-security.

Thanks,
-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

v2.23.0 | Report a Bug | By Email