Re: Martin Stiemerling's No Objection on draft-ietf-6man-stable-privacy-addresses-16: (with COMMENT)
Fernando Gont <fernando@gont.com.ar> Mon, 20 January 2014 10:43 UTC
Return-Path: <fernando@gont.com.ar>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09E731A00FC; Mon, 20 Jan 2014 02:43:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.098
X-Spam-Level: ***
X-Spam-Status: No, score=3.098 tagged_above=-999 required=5 tests=[BAYES_50=0.8, MANGLED_OFF=2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L4FhSwCXepv5; Mon, 20 Jan 2014 02:43:28 -0800 (PST)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:d10:2000:e::3]) by ietfa.amsl.com (Postfix) with ESMTP id 0C7D61A00FA; Mon, 20 Jan 2014 02:43:27 -0800 (PST)
Received: from 6-154-16-190.fibertel.com.ar ([190.16.154.6] helo=[192.168.3.102]) by web01.jbserver.net with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.82) (envelope-from <fernando@gont.com.ar>) id 1W5CKB-0005dY-4x; Mon, 20 Jan 2014 11:43:23 +0100
Message-ID: <52DCFDC1.3080100@gont.com.ar>
Date: Mon, 20 Jan 2014 07:43:13 -0300
From: Fernando Gont <fernando@gont.com.ar>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Martin Stiemerling <mls.ietf@gmail.com>, The IESG <iesg@ietf.org>
Subject: Re: Martin Stiemerling's No Objection on draft-ietf-6man-stable-privacy-addresses-16: (with COMMENT)
References: <20140120101020.1584.34146.idtracker@ietfa.amsl.com>
In-Reply-To: <20140120101020.1584.34146.idtracker@ietfa.amsl.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: 6man-chairs@tools.ietf.org, ipv6@ietf.org, draft-ietf-6man-stable-privacy-addresses@tools.ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jan 2014 10:43:30 -0000
Hi, Martin, Thanks so much for your review! Please find my comments in-line... On 01/20/2014 07:10 AM, Martin Stiemerling wrote: > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Section 2., paragraph 4: > >> Note that the result of F() in the algorithm above is no more > secure >> than the secret key. If an attacker is aware of the PRF that is >> being used by the victim (which we should expect), and the attacker >> can obtain enough material (i.e. addresses configured by the > victim), >> the attacker may simply search the entire secret-key space to find >> matches. To protect against this, the secret key should be of a >> reasonable length. Key lengths of at least 128 bits should be >> adequate. The secret key is initialized at system installation > time >> to a pseudo-random number, thus allowing this mechanism to be > enabled >> /used automatically, without user intervention. > > Isn't there a requirement (MUST) or at least a recommendation > (RECOMMENDED) to say something about the minimum length of the secret > key? Just to let implementers know from what length on the secret is > 'safe' as input? I think we could change: "To protect against this, the secret key should be of a reasonable length. Key lengths of at least 128 bits should be adequate." to: "To protect against this, the secret key SHOULD be of at least 128 bits." However, this is intertwined with the choice of F(), which we're not specifying (since it represents a tradeoff). So, while I see your point, I'm not sure whether that would make sense. Thoughts? Thanks! Best regards, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
- Martin Stiemerling's No Objection on draft-ietf-6… Martin Stiemerling
- Re: Martin Stiemerling's No Objection on draft-ie… Fernando Gont
- Re: Martin Stiemerling's No Objection on draft-ie… Martin Stiemerling