Re: [Last-Call] Last Call: <draft-gont-numeric-ids-sec-considerations-06.txt> (Security Considerations for Transient Numeric Identifiers Employed in Network Protocols) to Best Current Practice

"Iván Arce (Quarkslab)" <iarce@quarkslab.com> Fri, 11 December 2020 17:33 UTC

To: Russ Housley <housley@vigilsec.com>, Fernando Gont <fgont@si6networks.com>
Cc: last-call@ietf.org, draft-gont-numeric-ids-sec-considerations@ietf.org
References: <160735373732.25981.15176977559155786235@ietfa.amsl.com> <F438198F-34E2-4C9F-A32F-ACD58D9A6734@vigilsec.com> <9823c064-5d85-f141-fa8d-60abb7f70576@si6networks.com> <0ACD5E79-D8E5-42C0-88D1-5B642F402484@vigilsec.com>
From: "Iván Arce (Quarkslab)" <iarce@quarkslab.com>
Message-ID: <d6ab040d-f382-a55d-9d93-6068ff0ec97a@quarkslab.com>
Date: Fri, 11 Dec 2020 14:33:03 -0300
In-Reply-To: <0ACD5E79-D8E5-42C0-88D1-5B642F402484@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/KHEy9iYUu3xiuxdHbcl9YYG2RmE>

Hello Russ

On 12/11/20 1:58 PM, Russ Housley wrote:
>>> 2) The document is really about transient identifiers.  It does not only apply to ones that are numeric.
>>
>> That's probably the case. However, the ones we assessed are all numeric identifiers. And those are the ones that we have analyzed in the companion document draft-irtf-pearg-numeric-ids-generation
>>
>> Just curious: what are the non-numeric transient identifiers you had in mind?
> 
> You missed my point.  I would not want someone to think that the guidance here is not relevant because the implementation uses a string variable.
> 
> Russ

I've missed it as well. Did you mean that the recommendations apply to
any type of protocol object/field used as a transient identifier?
Or that any transient identifier can be mapped to a number (it's just a
bit sequence after all) and therefore the "numeric" term is redundant?


/ivan

-- 
Iván Arce
CTO - Security Analysis
Quarkslab