Re: [Last-Call] Last Call: <draft-gont-numeric-ids-sec-considerations-06.txt> (Security Considerations for Transient Numeric Identifiers Employed in Network Protocols) to Best Current Practice
"Iván Arce (Quarkslab)" <iarce@quarkslab.com> Fri, 18 December 2020 05:04 UTC
Return-Path: <iarce@quarkslab.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A26A3A0EC4; Thu, 17 Dec 2020 21:04:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.079
X-Spam-Level:
X-Spam-Status: No, score=-1.079 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MISSING_HEADERS=1.021, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=quarkslab.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wWz-OjfFxZ8o; Thu, 17 Dec 2020 21:04:40 -0800 (PST)
Received: from mx5.quarkslab.com (mx5.quarkslab.com [163.172.30.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2E923A0EBF; Thu, 17 Dec 2020 21:04:39 -0800 (PST)
Received: from [192.168.1.17] (unknown [186.189.239.219]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx5.quarkslab.com (Postfix) with ESMTPSA id 4CxxcH6cnSz7sSM; Fri, 18 Dec 2020 06:04:31 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=quarkslab.com; s=mail; t=1608267872; bh=s55HImGMoipBWEC1xlYdotBHM+jLeBfTZVoj3kseT7I=; h=Cc:References:From:Subject:Date:In-Reply-To; b=FgACNCLAFAe0PqFX2dL6wsSObRh+7Av9gwV+HD3oBwvD5ljnjFDB6hdvsmifmH70N 64ffUjpEksxvK1CN5LlLae4zSoEGlyZS8zid88Dp9d3RSbpYTnxsQED8SkP+LPhBdP EzQQOFPlRuyMwXOsZQbjHhEG4MUydCdmZyd8a5bk=
Cc: Last Call <last-call@ietf.org>, draft-gont-numeric-ids-sec-considerations@ietf.org
References: <8b1394de-dce9-d467-b179-8528e4ec014f@si6networks.com> <54EE8BA5-4886-4324-A7B8-BEE453376442@strayalpha.com>
From: "Iván Arce (Quarkslab)" <iarce@quarkslab.com>
Autocrypt: addr=iarce@quarkslab.com; prefer-encrypt=mutual; keydata= mQINBFj2A+gBEADEvq3Lr0svpsd/Lp92QS0kVsUX8gzPpegwuka1eYWnTHeq1wXcIYM/03BH bxK4lCjFPwu0ZHeZeCTweczMGB2/4GsMD4nT2uoVKlWhlRR3lCnmG49BmocNPmJUnu3S2Jw7 LZsEZhC/9x9ZebpV1C/FhEz3xQkOlCuZlJWRPiiX7DjaCCsCOGidWQijMpMJH0ihUhidSqpJ 47P79Dw8NhdV3ErUYkF0E5sVOrOK2/5Fq/x/EZE2aeSh8i43AryJt6Zke8MteEjuBcvSvuRI Teg1W+Fc9x9I/gYMntU6WJYZgEiwXZpPLT6bIk/l4+ebBzI2kMJ7LC5sdXem4cMUHpm+fBoi SNEs8Nbjrxfuw/Lx1JYFNPqoknahvwasW9U025xVpHnjuhVp4nPm/NlxWRGApeWJfFEEO/ga WKBirba/OxZciIxE5FotWlPNN9y8Ys/INUX/+Dg55ngcEYMm54ONT8wzcd8wcLmCiblWaDkx CQ0kqAS5tljTy5ZL0PSWafk4ZyUHWdFUYnG1fksPhYZqk9aKeHvhpZDqj1h069fOXp2hztvU /F7Y/ViZme+5eKCR7Msre2ZQuMT6n4LASPcSKDoRiWWRAa9/c4VsxPq0Hn0jfsg0WWdxOHf3 b5QbyZ64L5PBYS/WT/y9mwN51CSKowmEdbW+jEGHlrEgvXmxCQARAQABtCRJdmFuIEFyY2Ug KCVuKSA8aWFyY2VAcXVhcmtzbGFiLmNvbT6JAjgEEwEIACICGwMFCQlmAYAECwcJCAQVCAkK Ah4BAheABQJY9kjsAhkBAAoJEC/BrVM8ce7UwvIP/Ri55m+ljJ+v6KWj4uXeTb5L73TQ5T8d 4aeNiv/W3R39UGlhRxXzLiySKdrq6zqgIIAiEQ10Ebl8RGIrxy2yKIwFseZ6fmfK5xoqdO6x 9jbJ3aS5dqtHVX/dgDEVLTo2WGgS51CG6G/9qtrZqL+vQUeJnEUauAvlxy4m+48SC0JPVF5Q rzPJ+zKv58xwSfFKsTg2Aq4A7F4EuvOWCBlFTNAjXjXHfKSddsP3BrUTWSzfzwBVQZ9TJej3 YhNqSIWGugcT5aYei/b1taL4nDeORPszajDUkhQXri9IH5hMlsXOWMNlkYbUNU1vgzIg7b9x PzI7ZK3rObqMftHThCSteqwTkXSXuIHjdjNwfEuukHfLnYlUzjDQNnzn79pXnoJAGHkxmcwH J5E61o9VxMyzdvkCQn2qoNJeDDE3eLO7LKuJJiCBbpqj3Yz6AgkkJH9SCRdifV8vHit5QKJ0 RhQ3JAjW/iP1lpwWCUqaU3Iw1NNdPKcyr0SqHFneu6CMXJpFAuToJY5Lwm+UJFC+7Vmvt8Ty EYew1HYcbl81qnFDvn5Dg0SC3N3fP82uVPJDS1+3U0jReEgz+DzSdUmCX4uO8qnEfPVYSI4t dkoptG0/9vpIQyIXeN14bqvZDSyLrnXlXYrV7fET0U78Ky5bEXjjVKf1IyslsMPIyinJrFZJ 1RmLuQENBFj2IWABCADI/ZQH8BCuLvKNP8B9LNCudAipe+hD0LQnP10vhsUaCCGqEDh7y3+G FQHZ+7r0bHFsk1YRW+6agYK5y9pNA7k3k06/hY9uqPilJpQpduqwjT2FzCb7/68rOtdaBoLU j4oRLilovTCNL4uf/pX7F/fRqEZbOlZBZXshGaPuYZqTYMa3wOMSUpm03gN+yseRUJBLOJ4q hKfYeR5SaZxBAQHhJHc+wI4AQikZYC/uoAL8PNri5SMn8iHaZjxiQjzcdTEeSWZqWgQMPHKF o/8w84zhwj8T29scViJA4dQlTf6sDngXZaPy9e6FuNQ5TvMbEda3nukl5ZJ9LD0WZhN8hrvR ABEBAAGJAiUEGAEIAA8FAlj2IWACGwwFCQeEzgAACgkQL8GtUzxx7tTKYhAAjQrKCoeqxRii c5vlCfK+bR10ox0s1TzK+rmlFdy5GTfmnyOUEEXiZ1tyImfcjsFnrKHveMukYTYdGgCG30OP GWKsmLKY+vfG+uZVfwMoFvQnyovUJnITej5h2Nmqeked4ECP2nC7y0P3Or9DAm+NEJM9wGtr WcyY/t/3htQFXnlxiZJ8ZGyfconkXPR0zRpgoOvrg48D6npFTgZAv37vWI5PYAuvIlup8nhf 4H/2SRwAE1RQL1BC3aGlXvWrdQPpKaMBGln3ouCCVBgrFjkGbvCNw7YzMkF3O0LOMHfKNIM5 YQDW27DWrNRHFhsJL2piaAGA9UZ6ODfstfclKA5s1LB7v5eYzf3lnSYQRWnsOrLGcyOl/9EX fUXyYEs/ClNhhtAw4UCHn5Y0PycsV+qNtPdCr9gcxhwyZtuCE6OcZkzfJfNviZwbekjekQdI GtGn+CwP1/nmXRA1crGsYj0YyaSGIoz8jFMtKQQZbPWov7yxZ52MSIinD9NUisJZ2FAk5x0N Ma5LuZTq1nRG/mA/oY6JnOSnhPiJiuHh7K58O722NJYmKc/Zn8SBwBPgE7UNdkO9ePnNiTHh h9mulBJYUNMpljSimveSsZmVoKnjStp8LmiHA3by0rzY6kXPvqlnNfYAZHJ9Qm++eScAnfei K9H83o3FwSYfhUIZC2a/CCC5AQ0EWPYjnwEIANLC2x8T0iWNoxMDMZKY6CEyP82o3fNN0RwS vK6YMGnxSrDNe2OgLgtm+JlGtechfl4/QsO/glss4GlhFXkY/KIrMqrBXHBIglgs6ypjiNdY ywGcO/qiGL3SIWu4CF6EhI1tWcST/p4gGzNtMouJvo2SRPThEq8MIjlmzF+N1dAcnCWNyp0t WxlydPm4A+WbOUx9J0FRnM2yaINi5FjzVACbEbV+n4jjCyEIxNhGJoa8wEBD81C+Sej5cndG C4SP2Bg457/+VeKwS8cIOEQFbrKaoFS8z5mVprTReY2RpBI8uTZQMShxZktA5vzvmWTfHu0I Z+45jeuSmfrZw+dXXI0AEQEAAYkDRAQYAQgADwUCWPYjnwIbAgUJB4TOAAEpCRAvwa1TPHHu 1MBdIAQZAQgABgUCWPYjnwAKCRDXm/Ba36AuAhV0B/9xNUsfa4rsxH9UU/NqxqYSx+AZj82s Xkq1xjo0HkZ9NriwEVNazQHEC3Q2wwBo9uXiQcYU79RZQL9+cspbWCRAyx/htAydRMaMFT/3 WwOuQWGTGoA9UFk4th/ODwK7A0YGTzxaDMbR0AN4L/ht7wswzZoWn+76QwhbM+bazVJxBWDK ExfbRSkApFJrhoOxdtjM/lmT9IC7lf+j3CnnyLN4QcaYwykuCGdKToveJhRe++k6hgQldruz lbn015ftcO63wL/kd/gc6Zjx5HEDRiODcOEpa4o73S79TK86xBTqHxyJ+z/bXPoai6wgIOus vq2A7S2pUtv5mOwol2u6OD53iBYQAIqV4TQbW4IDbh26zKr5aevS/tcMSaFQEmO+MqwhK74g bVXkae/i4CBEtX7meq65OH1Ef8gqPHXrEZzom9x91qiPDxFhp9J47rZurd86U+zEWm6uhVBX Vj2IFJPxauXPDg4iKuSpgQ/GXM3KYJ/xuFNPQPbzvsZtk+Ut+jAWI23ATQWfBU9tMNAErPmS P4frKLUueHb9+kHkwLO0Re+tW4u8FyGiADC7pSPIrNH65ukMeZMpyU2909LBrDXq5A+/3xvD EFikQNkI96xLggfBAPbHuIuZIA9+VRC4q6p2oHHnbCvvbHm7Ybl+TXntU1+L4U1xd+ibvO9T X+75fsemS3GJPHtNGKHpBOhriUnub1QMHcXgP23cd8+7uDjBKVnRQahwwFyBT+1lrv98+ayu b/N6Z3nZkD4TM6aTwikfpK/KxzDY7ByGeFJg7bJo/oJM5QSA5CZOKn0wTLYn/71HeQ06I0GN sz5QdTHYaoZ89Uf49Eg4urFfhWk/drrbAVBexGIz5J9F7MdxJJ0xHSZQmQFgQh5W1NBLsw09 WZfOr2L2CPWasvoBMN4Q8gLfIjvVpVTYQKwRspcFiOfHh5moBzK2zAmjqw/vKMiKSV6nP1H1 LlEKY11ht4qsNjnCBDy6mu65ihFWANX7i9R4bGs84GGyG8ckq2+PWhizz2ilsz5p
Message-ID: <9ca88bcf-e010-9892-4f14-ae16a933c4f9@quarkslab.com>
Date: Fri, 18 Dec 2020 02:04:29 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <54EE8BA5-4886-4324-A7B8-BEE453376442@strayalpha.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/Mu3TvLbeQRHeuYKoZcW8QmIBRVM>
Subject: Re: [Last-Call] Last Call: <draft-gont-numeric-ids-sec-considerations-06.txt> (Security Considerations for Transient Numeric Identifiers Employed in Network Protocols) to Best Current Practice
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Dec 2020 05:04:42 -0000
On 12/18/20 1:02 AM, Joe Touch wrote: > > >> On Dec 17, 2020, at 7:03 PM, Fernando Gont <fgont@si6networks.com> wrote: >> >> I think we have gone through this before. Folks (including you) raise objections. I note that the claim has no basis or ask a question which clearly shows the objection has no basis, and they omit the question, stop responding, or switch to something else. > > We do, because our input has need ignored (again) and we have better things to do. > You have provided no constructive criticism, have not proposed any text to deal with your objections or concerns, or to improve the draft in any other way and have simply argued that the draft shouldnt be published period. The total sum of your input is "do not publish this". We have not ignored it, we have engaged in a discussion replying to every objection to publication with arguments and examples, we have suggested text to address your concerns about IoT devices that cant possibly have an RNG, and other's concerns as well but none of those efforts seem sufficient or acceptable. The ignoring seem to be somewhere else. I've spent every email on this thread trying to explain why the draft should published instead of discussing how to make it better. I have better things to do as well. /ivan -- Iván Arce CTO - Security Analysis Quarkslab
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joe Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Russ Housley
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Benjamin Kaduk
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Russ Housley
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Eliot Lear
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Eliot Lear
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Russ Housley
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Russ Housley
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Russ Housley
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Eric Rescorla
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Eric Rescorla
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Eric Rescorla
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Benjamin Kaduk
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Benjamin Kaduk
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joseph Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Russ Housley
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joseph Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Christian Huitema
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Christian Huitema
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Christian Huitema
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Martin Thomson
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- [Last-Call] Fwd: Re: Last Call: <draft-gont-numer… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Martin Thomson
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Martin Thomson
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joseph Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Ted Lemon
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joseph Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Ted Lemon
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joe Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joe Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joseph Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Joseph Touch
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Christian Huitema
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Iván Arce (Quarkslab)
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Theo de Raadt
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Eric Rescorla
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Paul Wouters
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Paul Wouters
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont
- Re: [Last-Call] Last Call: <draft-gont-numeric-id… Fernando Gont