Stephen Farrell's Discuss on draft-ietf-6man-stable-privacy-addresses-16: (with DISCUSS and COMMENT)
"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Thu, 23 January 2014 00:10 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 642501A01D6; Wed, 22 Jan 2014 16:10:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E1HXLJikapwi; Wed, 22 Jan 2014 16:10:35 -0800 (PST)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D05431A0171; Wed, 22 Jan 2014 16:10:35 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
Subject: Stephen Farrell's Discuss on draft-ietf-6man-stable-privacy-addresses-16: (with DISCUSS and COMMENT)
X-Test-IDTracker: no
X-IETF-IDTracker: 4.90.p2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140123001035.19199.91573.idtracker@ietfa.amsl.com>
Date: Wed, 22 Jan 2014 16:10:35 -0800
Cc: 6man-chairs@tools.ietf.org, ipv6@ietf.org, draft-ietf-6man-stable-privacy-addresses@tools.ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2014 00:10:37 -0000
Stephen Farrell has entered the following ballot position for draft-ietf-6man-stable-privacy-addresses-16: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: http://datatracker.ietf.org/doc/draft-ietf-6man-stable-privacy-addresses/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- (0) Just modifying my disucss to discuss a part of Brian's discuss:-) I'm sure we'll sort it out easily enough though. I very much do not think that it'd be a good plan to store every address that has been generated using this algorithm. That would be making a privacy-enhancing feature damage privacy. See [1] for an example. [1] http://www.theguardian.com/technology/2011/apr/20/iphone-tracking-prompts-privacy-fears (1) Section 5: Why mention only MD5 and SHA1? Why not HMAC-SHA256? As-is, implementers are likely to get this wrong in various ways, e.g. allowing MD5 collisions to be generated on purpose with different inputs perhaps as a way to assign blame to an innocent victim. If HMAC-MD5 or better (*) HMAC-SHA256 were recommended instead, it is far more likley that implementers will do the right thing and it seems just as easy to do today's right thing as what's mentioned here. (*) Even though HMAC-MD5 is still ok, its better (for audit reasons) if we reduce the number of copies of MD5 runtime code on systems and do not introduce new instances of that code. (2) Why might a sys admin want to display the secret key? If there's a reason shouldn't you say so that coders don't do the wrong thing? The concern is that once established, this key might be re-used for other purposes and display might then become an interesting attack vector. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- - Probably not worth investigating, but I'd wonder if a bad-actor with the 64 bit prefix to play about with could force an IID on a node that used plain MD5 with a guessable or known secret_key. I don't think that's doable today but its yet another reason to avoid very outdated hash functions like md5. This is a non-issue if discuss#1 is resolved by ditching MD5.
- Stephen Farrell's Discuss on draft-ietf-6man-stab… Stephen Farrell
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Fernando Gont
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Simon Perreault
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Hannes Frederic Sowa
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Fernando Gont
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Fernando Gont
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Stephen Farrell
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Fernando Gont
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Stephen Farrell
- Stephen Farrell's Discuss on draft-ietf-6man-stab… Stephen Farrell
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Thomas Narten
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Eliot Lear
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Fernando Gont
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Fernando Gont
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Brian E Carpenter
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Fernando Gont
- RE: Stephen Farrell's Discuss on draft-ietf-6man-… Christian Huitema
- RE: Stephen Farrell's Discuss on draft-ietf-6man-… l.wood
- RE: Stephen Farrell's Discuss on draft-ietf-6man-… l.wood
- RE: Stephen Farrell's Discuss on draft-ietf-6man-… Christian Huitema
- Re: Stephen Farrell's Discuss on draft-ietf-6man-… Doug Barton