Re: [Pearg] Review of draft-irtf-pearg-numeric-ids-history-01

Christopher Wood <caw@heapingbits.net> Sun, 29 March 2020 00:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/2Qxw11OlEus2autTpVpqc8U5vK0>

... with no hat on!

Best,
Chris

On Sat, Mar 28, 2020, at 5:44 PM, Christopher Wood wrote:
> Document: draft-irtf-pearg-numeric-ids-history-01 
> [https://tools.ietf.org/id/draft-irtf-pearg-numeric-ids-history-01.txt]
> 
> Assessment: Almost ready
> 
> Thanks for putting this information together! I think the analysis and timeline are
> a testament to the importance and subtleties of numeric identifier generation.
> The amount of detail is quite comprehensive. Even if there are glaring omissions,
> I think the overall point is made clear.
> 
> I only have some high-level comments on the document, along with several nits.
> (If it'd be easier, and if you have the repository on GitHub, I can submit a PR
> for the nits.)
> 
> Comments:
> 
> - Section 2: Neither hard nor soft failures are used in the document. Can we just remove
> these terms altogether?
> - Section 3: Perhaps it's worth mentioning that we consider the standard Dolev-Yao
> style attacker as outlined in RFC3552?
> - Section 5, second paragraph: It looks like the start of this sentence (or paragraph)
> was accidentally deleted:
> 
>    he interoperability requirements for TCP ISNs are probably not
>    clearly spelled out as one would expect.  
> 
> Nits:
>     
> - Abstract: "implications" seems like the wrong word. Perhaps "properties" can be
> used instead? (That is, identifiers can affect security and privacy properties, not
> affect *implications*. This is what's used in Section 1, too.)
> - Section 1: s/the poor selection of the aforementioned/poor selection of numeric
> - Section 1: The sentence, "While it is generally possible... is non-trivial" seems like
> it can come at the *end* of the introduction, or removed altogether as it's redundant
> with a later sentence in the same section.
> - Section 1 (and elsewhere): and/or is not a word -- please use or.
> - Section 1: it might help to clarify what is an "inappropriate" algorithm.
> - Section 1: s/The analysis of such timelines indicate that/This analysis indicates that
> - Section 4: s/The above mas been/The above has been
> - Section 4: s/specification misses a/specification omits
> - Section 4: s/This has resulted in virtually all/This resulted in many
> - Section 4: In the December 2014 entry, it would be good to reference
> I-D.gont-6man-predictable-fragment-id specifically rather than say "the aforementioned
> IETF Internet Draft".
> - Section 5: s/leads to negative security and privacy implications/harms security
> and privacy properties (Let's make this change through the document, please!)
> - Section 6: s/replacement of such flawed scheme/replacement of this flawed scheme
> - Section 6: s/wg item of the 6man wg/WG item of the 6man WG
> (capitalize WG here and elsewhere)
> - Section 7: s/The NTP [RFC5905] is employed to avoid/NTP [RFC5905] avoids
> - Section 8: s/The proposal experiments/The proposal experiences
> - Section 10: s/This document analyzes the timeline of the specification of different
> types of "numeric identifiers" used in IETF protocols/This document analyzes the
> timeline of IETF protocol "numeric identifiers"
>