Re: [Last-Call] Last Call: <draft-gont-numeric-ids-sec-considerations-06.txt> (Security Considerations for Transient Numeric Identifiers Employed in Network Protocols) to Best Current Practice

Martin Thomson <mt@lowentropy.net> Thu, 17 December 2020 09:17 UTC

To: Fernando Gont <fgont@si6networks.com>, last-call@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/WIiH1JsRfGd538dYd9WCwE5-os0>


On Thu, Dec 17, 2020, at 18:35, Fernando Gont wrote:
> > Separately, I found the list of potential problems in Section 4 to be
> > approximately OK, though it lacked any mention of a need to
> > synchronize changes across protocol layers.  I acknowledge that that
> > is about use rather than generation, but that is quite relevant here
> > too.
> 
> That's a good point. We considered that to be implicit here:
> 
>     o  Employing the same identifier across contexts in which constancy
>        is not required

Unnecessary linkability is one thing, but "not required" is not the thing I refer to, but "constancy where unlinkability is desirable".

> One trivial example would be the randomization of MAC addresses without 
> a change in the MAC address triggering generation of a new IPv6 address.

Right.

> Do you think this warrants clarification?

Definitely.
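An added illustration of the cross-layer point above (example code written for this page, not from the thread or the draft; the prefix, MAC addresses and secret are constructed sample values): a host that randomizes its MAC but keeps its IPv6 interface identifier is trivially linkable across the rotation, while deriving the IID from the current link-layer address in the RFC 7217 style makes the MAC change propagate up a layer.

```python
import hashlib
import ipaddress
import secrets
from collections import defaultdict

# Constructed sample values; not taken from the thread.
PREFIX = ipaddress.IPv6Network("2001:db8:1:2::/64")
MACS = ["02:11:22:33:44:55", "02:aa:bb:cc:dd:ee", "02:de:ad:be:ef:01"]
IID_MASK = (1 << 64) - 1


def stable_privacy_iid(prefix, mac, secret):
    """RFC 7217-style IID: F(prefix, link-layer address, secret) cut to 64 bits.
    Because the MAC is an input, rotating the MAC also yields a fresh IID."""
    h = hashlib.sha256(prefix.network_address.packed + mac.encode() + secret).digest()
    return int.from_bytes(h[:8], "big")


def address_with_iid(prefix, iid):
    return str(ipaddress.IPv6Address(int(prefix.network_address) | (iid & IID_MASK)))


def host_unsynchronized(macs, secret):
    """MAC randomization with no IPv6 regeneration: the IID is picked once
    and reused under every MAC (the case described in the thread)."""
    iid = secrets.randbits(64)
    return [(mac, address_with_iid(PREFIX, iid)) for mac in macs]


def host_synchronized(macs, secret):
    """Each MAC change triggers a new IID derived from the current MAC."""
    return [(mac, address_with_iid(PREFIX, stable_privacy_iid(PREFIX, mac, secret)))
            for mac in macs]


def linked_macs(observations):
    """Observer-side check: group (mac, addr) pairs by IID. Any IID seen with
    more than one MAC ties those MACs to a single host despite the rotation."""
    by_iid = defaultdict(set)
    for mac, addr in observations:
        by_iid[int(ipaddress.IPv6Address(addr)) & IID_MASK].add(mac)
    return [sorted(group) for group in by_iid.values() if len(group) > 1]
```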