Re: [Pearg] Spencer Dawkins' Yes on draft-irtf-pearg-numeric-ids-history-09: (with COMMENT)
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Mon, 20 June 2022 16:28 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0F59C15AAF4; Mon, 20 Jun 2022 09:28:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.104
X-Spam-Level:
X-Spam-Status: No, score=-0.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, URI_DOTEDU=1.999] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0JKBtTia5rDM; Mon, 20 Jun 2022 09:28:49 -0700 (PDT)
Received: from mail-vs1-xe35.google.com (mail-vs1-xe35.google.com [IPv6:2607:f8b0:4864:20::e35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08356C15AAF3; Mon, 20 Jun 2022 09:28:49 -0700 (PDT)
Received: by mail-vs1-xe35.google.com with SMTP id k25so3406749vso.6; Mon, 20 Jun 2022 09:28:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LG0J2qp6e6WIQu6e9+o3sbs5kc2u+LtiTyk6aS7fMnY=; b=TtZ/lfebFVqXky4NBUn1XzAQZpJalXXP87ce/8W5v2wxQHA4V7F4uSZb8OHt0rN0tZ WklHCPeUqFDlgEBF/bOm5OIHNnN1NAJkIw7lg3irCjH+O6xqBEGj6xBOoeS/RXQMS62M AObK6XFBIYCjoyXplgAhLxcHmYfloh+T8rJL6PkM6mZIU8I9gJKZZpCFWLrMzPvo5fkk QHUpW8xmsulwITVrfrB1wpeA3GlUGlULe/MKao5X7VpsSu1Ewubfca4/Fg302ZrGvk21 aeXRpo8Xpn+yXmM9Vcq610LWyKE5bM8/bBwksOBI0WJJ545xL2kViaA8Zak8pJxdzSXa oSpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LG0J2qp6e6WIQu6e9+o3sbs5kc2u+LtiTyk6aS7fMnY=; b=lLJ1k4VTnYU4ZkuJ5z7bJEfI3tHuiXKAfdecxHu0SnsEqryrCsGGzV5/WbYpyAkgkO wlCC1b+QF0hDhqzH585RtmumbstGfp87XL8XXyi/w415n/5WQJCqTB3rq7FgY85jNnAi g0+pk1oXDsmOl7op3n5dJHL16SEuch9fWx3XpIUCDsyMZCPGVxKSrK5vvzuBqW+iUQt3 AuGC6IkVFUNyt6SVofN+UHso8mVj7Qawzg2Z4Wn/vthjDvHn2QAH7mP5sEGb+T8zVWct ZyC4qg+Onyeu4YZ9YFXWO/3ff9DIILuvDqNtw8WNhC3veyh1EM0lMHU2zlkjLVr1Nb/N 4AEw==
X-Gm-Message-State: AJIora+xE3RdAzZqzbPu5lyLwRfiLqa49C/Cw+ozzdIK25l3JuysG2NQ Pu6d9Wvasyzf6gCdEF702cbnwmismvG1IbLlpZI=
X-Google-Smtp-Source: AGRyM1s7myp4mKhcibS3vAsdzIdzwnKlj9yj+CC3vsmtGU12WYO/hQl4RuXbReZ5GOdb43gTm5Gmm181weJaQyLZG9M=
X-Received: by 2002:a05:6102:3bc2:b0:354:21c3:2a37 with SMTP id a2-20020a0561023bc200b0035421c32a37mr3808991vsv.72.1655742527751; Mon, 20 Jun 2022 09:28:47 -0700 (PDT)
MIME-Version: 1.0
References: <165541878753.59903.8018667065000800390@ietfa.amsl.com> <0fe4965d-2660-ad3a-1826-509176e2bba5@si6networks.com>
In-Reply-To: <0fe4965d-2660-ad3a-1826-509176e2bba5@si6networks.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Mon, 20 Jun 2022 11:28:22 -0500
Message-ID: <CAKKJt-fk0ajJN7k7-PF6NUB6wOjzot5FOA3Y5JibQ9K-hwPHLg@mail.gmail.com>
To: Fernando Gont <fgont@si6networks.com>
Cc: The IRSG <irsg@irtf.org>, draft-irtf-pearg-numeric-ids-history@ietf.org, pearg-chairs@ietf.org, pearg@irtf.org, Sara Dickinson <sara@sinodun.com>
Content-Type: multipart/alternative; boundary="00000000000034cc2505e1e399f2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/3VHfYhLx6dfxABp6skI4B602LY0>
Subject: Re: [Pearg] Spencer Dawkins' Yes on draft-irtf-pearg-numeric-ids-history-09: (with COMMENT)
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jun 2022 16:28:52 -0000
Hi, Fernado, On Thu, Jun 16, 2022 at 9:37 PM Fernando Gont <fgont@si6networks.com> wrote: > Hi, Spencer, > > Thanks so much for your comments and input! -- In-line... > > On 16/6/22 19:33, Spencer Dawkins via Datatracker wrote: > [....] > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > At a 10K meter level, I love everything about this document. I remember > > probably 60-70 percent of this history, some of which I was reading about > > before I started participating in the IETF in 1997, I learned from the > parts I > > didn't remember and had probably never seen, and there's no way I could > have > > described all of it as well as you did. > > > > I wish we had more documents explaining why the IRTF is doing research on > > aspects of widely deployed protocols. > > > > I do have two or three nits about readability and consistency, but I'm > already > > a Yes, so Do The Right Thing - I can't say "it's ready" any more clearly > than > > balloting "Yes". > > > > - Honest question here. In this text from the Introduction, > > > > “For more than 30 years, a large number of implementations of the TCP/IP > > protocol suite have been subject to a variety of attacks, with effects > ranging > > from Denial of Service (DoS) or data injection, to information leakages > that > > could be exploited for pervasive monitoring [RFC7258]. The root cause of > these > > issues has been, in many cases, poor selection of transient numeric > > identifiers, usually as a result of insufficient or misleading > specifications.” > > > > Does “TCP/IP protocol suite” mean what you intend it to mean? > > Well, we used the term as it has been used in classical books such as > "TCP/IP Illustrated" (Stevens) or "Internetworking with TCP/IP" > (Comer). It has also been used by Bellovin in “Security Problems in the > TCP/IP Protocol Suite” > (https://www.cs.columbia.edu/~smb/papers/acsac-ipext.pdf) > -- but it's also possible that it could mean different things to > different people. > I take your point here, but I also wonder if the term is understood by most people today, the way it was understood in 1994 (when Stevens was first published) or 1988 (when Comer was first published). 😉 In related news, OMG I'm old, because I used the first editions of both of these heavily. But I digress. > But we could also probably s/TCP\/IP protocol suite/Internet protocols/ > or s/TCP\/IP protocol suite/IETF protocols/ or s/TCP\/IP protocol > suite/Internet protocol suite/ > > I'm fine in all cases :-) > Looking at your suggestions when I'm awake, I like s/TCP\/IP protocol suite/IETF protocols/ best - I think it's the most accurate description. Do The Right Thing, of course. > > You follow this with a list of examples that (if I understand correctly) > > include IPv4, IPv6, “transport protocols”, TCP, and DNS. Just poking at > one of > > the references, The Introduction of RFC 6056 calls out > > > > TCP [RFC0793], UDP [RFC0768], SCTP [RFC4960], DCCP > > [RFC4340], UDP-lite [RFC3828], and RTP [RFC3550] (provided the RTP > > application explicitly signals the RTP and RTCP port numbers with, > > e.g., [RFC3605]). > > > > Perhaps those protocols should be part of what I think of when I hear > “TCP/IP > > protocol suite”, but they aren’t. > > > > - I might have suggested “implementations of Internet network-layer and > > transport-layer protocols”, but even that doesn’t include DNS, which is > on your > > list. And a quick peek at Section 4.4 mentions problems with NTP > Reference IDs > > (REFIDs), which is NOT mentioned in the Introduction, but is described > later in > > the document, while problems with DNS TxIDs, which is mentioned in the > > Introduction, is NOT described in Section 4 (the detailed discussion of > DNS in > > Section 4 is about predictable port numbers used by DNS > implementations). Maybe > > the transient numeric identifier problems with those two > application-level > > protocols could be treated consistently in Section 1 and Section 4? > > You mean mention all examples in all places/sections? So my other comment was that the list of examples in the introduction doesn't match the detailed discussion in Section 4, and I can't think of a good reason to do that. ISTM that if you want people to find information about NTP Reference IDs in Section 4, it should be in the list of examples in the Introduction. ISTM that if you don't want people to look for information in DNS TxIDs in Section 4 because there's not any, this shouldn't be in the list of examples in the Introduction. - If you have something to say about DNS TxIDs, adding a short section with appropriate references, as you do in the rest of Section 4, would match the Introduction. - If you don't have anything to say about DNS TxIDs, you could just as easily remove that from the list of examples in the Introduction. Does that make sense? > - In Section 4,the phrase “A number of protocol specifications” is used. > Is > > that a better way to say what you mean in Section 1 and Section 5? Or is > there > > a better way to describe the protocols you’re thinking of in the > Introduction, > > without attempting to list them exhaustively? > > Please see my proposal above. > I like your proposal above. > > > - I should also mention that Section 5 also uses the phrase “large > number of > > implementations of the TCP/ IP protocol suite”. Whatever you do with this > > phrase in Section 1, you should probably consider doing in Section 5 as > well. > > Agreed. > > > > > > - I also have a point of confusion with the phrase “sample transient > numeric > > identifiers” in Section 1, and in Section 4. "sample" seems like an > adjective > > in those usages. I THINK (correct me if I’m wrong) that this phrase is > intended > > to mean “some transient numeric identifiers that have been found to be > > problematic” - because this isn’t a complete list of the problematic > > identifiers, right? > > Exactly! ("English as a second language" might be playing a role here :-) ) > > Any suggested tweaks here? > Sure. I was thinking you could use “some transient numeric identifiers that have been found to be problematic” but tweaking that a bit more to use your proposal above gives “some transient numeric identifiers used in IETF protocols that have been found to be problematic” Does that make sense? Best, Spencer > Thanks! > > Regards, > -- > Fernando Gont > SI6 Networks > e-mail: fgont@si6networks.com > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 >
- [Pearg] Spencer Dawkins' Yes on draft-irtf-pearg-… Spencer Dawkins via Datatracker
- Re: [Pearg] Spencer Dawkins' Yes on draft-irtf-pe… Fernando Gont
- Re: [Pearg] Spencer Dawkins' Yes on draft-irtf-pe… Spencer Dawkins at IETF
- Re: [Pearg] Spencer Dawkins' Yes on draft-irtf-pe… Fernando Gont