Martin Stiemerling's No Objection on draft-ietf-6man-stable-privacy-addresses-16: (with COMMENT)
"Martin Stiemerling" <mls.ietf@gmail.com> Mon, 20 January 2014 10:10 UTC
Return-Path: <mls.ietf@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A13FF1A00D6; Mon, 20 Jan 2014 02:10:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.301
X-Spam-Level: **
X-Spam-Status: No, score=2.301 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, MANGLED_OFF=2.3] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 30i__GH6znll; Mon, 20 Jan 2014 02:10:20 -0800 (PST)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AA331A00C5; Mon, 20 Jan 2014 02:10:20 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Martin Stiemerling <mls.ietf@gmail.com>
To: The IESG <iesg@ietf.org>
Subject: Martin Stiemerling's No Objection on draft-ietf-6man-stable-privacy-addresses-16: (with COMMENT)
X-Test-IDTracker: no
X-IETF-IDTracker: 4.90.p2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140120101020.1584.34146.idtracker@ietfa.amsl.com>
Date: Mon, 20 Jan 2014 02:10:20 -0800
Cc: 6man-chairs@tools.ietf.org, ipv6@ietf.org, draft-ietf-6man-stable-privacy-addresses@tools.ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jan 2014 10:10:21 -0000
Martin Stiemerling has entered the following ballot position for draft-ietf-6man-stable-privacy-addresses-16: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: http://datatracker.ietf.org/doc/draft-ietf-6man-stable-privacy-addresses/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 2., paragraph 4: > Note that the result of F() in the algorithm above is no more secure > than the secret key. If an attacker is aware of the PRF that is > being used by the victim (which we should expect), and the attacker > can obtain enough material (i.e. addresses configured by the victim), > the attacker may simply search the entire secret-key space to find > matches. To protect against this, the secret key should be of a > reasonable length. Key lengths of at least 128 bits should be > adequate. The secret key is initialized at system installation time > to a pseudo-random number, thus allowing this mechanism to be enabled > /used automatically, without user intervention. Isn't there a requirement (MUST) or at least a recommendation (RECOMMENDED) to say something about the minimum length of the secret key? Just to let implementers know from what length on the secret is 'safe' as input?
- Martin Stiemerling's No Objection on draft-ietf-6… Martin Stiemerling
- Re: Martin Stiemerling's No Objection on draft-ie… Fernando Gont
- Re: Martin Stiemerling's No Objection on draft-ie… Martin Stiemerling