Re: [Last-Call] Last Call: <draft-gont-numeric-ids-sec-considerations-06.txt> (Security Considerations for Transient Numeric Identifiers Employed in Network Protocols) to Best Current Practice
Fernando Gont <fgont@si6networks.com> Thu, 17 December 2020 01:04 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76C4E3A1337; Wed, 16 Dec 2020 17:04:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZLpZb4J8UbQa; Wed, 16 Dec 2020 17:04:43 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EB7C3A09AC; Wed, 16 Dec 2020 17:04:41 -0800 (PST)
Received: from [10.0.0.129] (unknown [186.19.8.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id CFBA0283C4E; Thu, 17 Dec 2020 01:04:37 +0000 (UTC)
To: Joe Touch <touch@strayalpha.com>, Eric Rescorla <ekr@rtfm.com>
Cc: last-call@ietf.org, draft-gont-numeric-ids-sec-considerations@ietf.org
References: <CABcZeBPTk0zrm6iwJOiac6N7w_jYhtkoX3HeBci9tZ_Y8=uKVw@mail.gmail.com> <0FA1DBD3-8E38-4F0E-A8CC-725053B64CB8@strayalpha.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <38ad33f9-3f79-dc3f-6919-b07fb5a499f4@si6networks.com>
Date: Wed, 16 Dec 2020 22:04:05 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <0FA1DBD3-8E38-4F0E-A8CC-725053B64CB8@strayalpha.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/4HtjMHB8PEqriIciLEdh7sDmQCE>
Subject: Re: [Last-Call] Last Call: <draft-gont-numeric-ids-sec-considerations-06.txt> (Security Considerations for Transient Numeric Identifiers Employed in Network Protocols) to Best Current Practice
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Dec 2020 01:04:47 -0000
On 13/12/20 19:47, Joe Touch wrote: > > >> On Dec 13, 2020, at 1:54 PM, Eric Rescorla <ekr@rtfm.com> wrote: >> >> My position is that modern practice is to design protocols that have encryption >> (this is strongly encouraged by RFC 7258 and also is just what we're doing) >> and this document neither (a) engages with that nor (b) provides particularly >> helpful guidance for encrypted protoco > > +1 > > I don’t like the idea of over-specification to provide partial privacy or security. It's quite the opposite. Our document requires specifications to spell out the interoperability requirements, because quite too often speficiations specify things they need not. For example, the QUIC spec specifies sequence numbers start at 0. *That* is an over specification. Because sequence numbers need not start at zero. We simply require that specifications spell out the interoperability requirements for their identifiers, that they do a security and privacy analysis for them, and that they suggest one possible algorithm that would be well suited to generate the IDs, such that every implementer is not left to solve the question "now, what the heck should I use to generate these identifiers?". Thanks, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joe Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Russ Housley
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Benjamin Kaduk
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Russ Housley
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Eliot Lear
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Eliot Lear
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Russ Housley
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Russ Housley
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Russ Housley
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Eric Rescorla
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Eric Rescorla
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Eric Rescorla
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Benjamin Kaduk
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Benjamin Kaduk
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joseph Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Russ Housley
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joseph Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Christian Huitema
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Christian Huitema
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Christian Huitema
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Martin Thomson
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- [Last-Call] Fwd: Re: Last Call: <draft-gont-numer… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Martin Thomson
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Martin Thomson
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joseph Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Ted Lemon
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joseph Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Ted Lemon
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joe Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joe Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joseph Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joseph Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Christian Huitema
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Theo de Raadt
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Eric Rescorla
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Paul Wouters
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Paul Wouters
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont