Re: [Pearg] [Secdispatch] Numeric IDs: Update to RFC3552

Fernando Gont <fgont@si6networks.com> Thu, 18 April 2019 23:40 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D49BE1201BA for <pearg@ietfa.amsl.com>; Thu, 18 Apr 2019 16:40:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3F5wYBhKecEA for <pearg@ietfa.amsl.com>; Thu, 18 Apr 2019 16:40:19 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC5541201B2 for <pearg@irtf.org>; Thu, 18 Apr 2019 16:40:18 -0700 (PDT)
Received: from [192.168.3.138] (unknown [186.138.212.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 5A22E8493B; Fri, 19 Apr 2019 01:40:10 +0200 (CEST)
To: Eric Rescorla <ekr@rtfm.com>
Cc: "Iván Arce (Quarkslab)" <iarce@quarkslab.com>, IETF SecDispatch <secdispatch@ietf.org>, pearg@irtf.org, secdispatch-chairs@ietf.org
References: <4ac730a6-73ca-74cd-e848-4a6645bd0403@si6networks.com> <CABcZeBOy6MB0OG2cs=EE6hWB4pXBuNzW=LcQ+1dKmJzHBOUR-g@mail.gmail.com> <bc733114-6f97-532b-02d5-2730e834340a@si6networks.com> <CABcZeBPr2rfVkib684Gz4uCPWtFc4trwusJxNRJ6EPPpA=d0QA@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
Openpgp: preference=signencrypt
Autocrypt: addr=fgont@si6networks.com; prefer-encrypt=mutual; keydata= mQINBE5so2gBEACzBQBLUy8nzgAzSZn6ViXT6TmZBFNYNqTpPRvTVtUqF6+tkI+IEd9N2E8p pXUXCd0W4dkxz6o7pagnK63m4QSueggvp881RVVHOF8oTSHOdnGxLfLeLNJFKE1FOutU3vod GK/wG/Fwzkv9MebdXpMlLV8nnJuAt66XGl/lU1JrNfrKO4SoYQi4TsB/waUQcygh7OR/PEO0 EttiU8kZUbZNv58WH+PAj/rdZCrgUSiGXiWUQQKShqKnJxLuAcTcg5YRwL8se/V6ciW0QR9i /sr52gSmLLbW5N3hAoO+nv1V/9SjJAUvzXu43k8sua/XlCXkqU7uLj41CRR72JeUZ4DQsYfP LfNPC98ZGTVxbWbFtLXxpzzDDT8i3uo7w1LJ2Ij/d5ezcARqw01HGljWWxnidUrjbTpxkJ9X EllcsH94mer728j/HKzC9OcTuz6WUBP3Crgl6Q47gY5ZIiF0lsmd9/wxbaq5NiJ+lGuBRZrD v0dQx9KmyI0/pH2AF8cW897/6ypvcyD/1/11CJcN+uAGIrklwJlVpRSbKbFtGC6In592lhu7 wnK8cgyP5cTU+vva9+g6P1wehi4bylXdlKc6mMphbtSA+T3WBNP557+mh3L62l4pGaEGidcZ DLYT2Ud18eAJmxU3HnM8P3iZZgeoK7oqgb53/eg96vkONXNIOwARAQABtCVGZXJuYW5kbyBH b250IDxmZ29udEBzaTZuZXR3b3Jrcy5jb20+iQJBBBMBAgArAhsjBQkSzAMABgsJCAcDAgYV CAIJCgsEFgIDAQIeAQIXgAUCTmylpQIZAQAKCRCuJQ1VHU50kv7wD/9fuNtTfxSLk3B3Hs3p ixTy8YXVjdkVwWlnJjFd7BOWmg7sI+LDhpjGfT6+ddOiwkumnvUZpObodj4ysH0i8c7P4C5t F9yu7WjklSlrB5Rth2CGChg5bKt541z2WHkFFxys9qBLmCSYDeKQkzLqhCjIUJizY2kOJ2GI MnSFDzJjhSFEh//oW830Y8fel1xnf/NVF+lBVtRMtMOfoWUqDjvP3sJ1G4zgkDCnF0CfncLx +hq2Mv26Uq9OTzvLH9aSQQ/f067BOkKAJKsfHdborX4E96ISTz57/4xECRSMr5dVsKVm4Y// uVIsb+L5z+a32FaiBZIAKDgnJO7Z8j6CV5e5yfuBTtX52Yi9HjYYqnYJGSDxYd6igD4bWu+7 xmJPHjkdqZgGV6dQIgiUfqkU+s5Cv350vK48CMaT/ZLo2BdsMhWsmaHmb+waePUMyq6E4E9x 9Js+EJb9ZiCfxS9exgieZQpet1L36IvhiwByvkQM009ywfa30JeMOltUtfLi5V06WQWsTzPL 5C+4cpkguSuAJVDTctjCA0moIeVDOpJ8WH9voQ4IeWapQnX35OIoj1jGJqqYdx65gc1ygbyx b8vw+pJ9E5GLse5TQnYifOWpXzX9053dtbwp/2OVhU4KLlzfCPCEsoTyfu9nIZxdI2PMwiL5 M85BfjX4NmwBLmPGoLkCDQRObKNoARAAqqXCkr250BchRDmi+05F5UQFgylUh10XTAJxBeaQ UNtdxZiZRm6jgomSrqeYtricM9t9K0qb4X2ZXmAMW8o8AYW3RrQHTjcBwMnAKzUIEXXWaLfG cid/ygmvWzIHgMDQKP+MUq1AGQrnvt/MRLvZLyczAV1RTXS58qNaxtaSpc3K/yrDozh/a4pu WcUsVvIkzyx43sqcwamDSBb6U8JFoZizuLXiARLLASgyHrrCedNIZdWSx0z0iHEpZIelA2ih AGLiSMtmtikVEyrJICgO81DkKNCbBbPg+7fi23V6M24+3syHk3IdQibTtBMxinIPyLFF0byJ aGm0fmjefhnmVJyCIl/FDkCHprVhTme57G2/WdoGnUvnT7mcwDRb8XY5nNRkOJsqqLPemKjz kx8mXdQbunXtX9bKyVgd1gIl+LLsxbdzRCch773UBVoortPdK3kMyLtZ4uMeDX3comjx+6VL bztUdJ1Zc9/njwVG8fgmQ+0Kj5+bzQfUY+MmX0HTXIx3B4R1I1a8QoOwi1N+iZNdewV5Zfq+ 29NlQLnVPjCRCKbaz9k6RJ2oIti55YUI6zSsL3lmlOXsRbXN5bRswFczkNSCJxJMlDiyAUIC WOay7ymzvgzPa+BY/mYn94vRaurDQ4/ljOfj6oqgfjts+dJev4Jj89vp8MQI3KJpZPEAEQEA AYkCJQQYAQIADwUCTmyjaAIbDAUJEswDAAAKCRCuJQ1VHU50km4xEACho45PZrUjY4Zl2opR DFNo5a6roTOPpgwO9PcBb3I5F8yX2Dnew+9OhgWXbBhAFq4DCx+9Gjs43Bn60qbZTDbLGJ/m 8N4PwEiq0e5MKceYcbetEdEUWhm5L6psU9ZZ82GR3UGxPXYe+oifEoJjOXQ39avf9S8p3yKP Diil0E79rn7LbJjMcgMLyjFg9SDoJ6pHLtniJoDhEAaSSgeV7Y745+gyMIdtQmrFHfqrFdjq D6G0HE+Z68ywc5KN67YxhvhBmSycs1ZSKAXv1zLDlXdmjHDHkU3xMcB+RkuiTba8yRFYwb/n j62CC4NhFTuIKOc4ta3dJsyXTGh/hO9UjWUnmAGfd0fnzTBZF8Qlnw/8ftx5lt4/O+eqY1EN RITScnPzXE/wMOlTtdkddQ+QN6xt6jyR2XtAIi7aAFHypIqA3lLI9hF9x+lj4UQ2yA9LqpoX 6URpPOd13JhAyDe47cwsP1u9Y+OBvQTVLSvw7Liu2b4KjqL4lx++VdBi7dXsjJ6kjIRjI6Lb WVpxe8LumMCuVDepTafBZ49gr7Fgc4F9ZSCo6ChgQNLn6WDzIkqFX+42KuHz90AHWhuW+KZR 1aJylERWeTcMCGUSBptd48KniWmD6kPKpzwoMkJtEXTuO2lVuborxzwuqOTNuYg9lWDl7zKt wPI9brGzquUHy4qRrA==
Message-ID: <f3607e4f-c805-3cb5-110b-f09cb8748577@si6networks.com>
Date: Fri, 19 Apr 2019 01:39:56 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <CABcZeBPr2rfVkib684Gz4uCPWtFc4trwusJxNRJ6EPPpA=d0QA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/VIIT5xYQvfDTihNed55TtU6Ymiw>
Subject: Re: [Pearg] [Secdispatch] Numeric IDs: Update to RFC3552
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2019 23:40:22 -0000

On 19/4/19 01:09, Eric Rescorla wrote:
> 
> 
> On Thu, Apr 18, 2019 at 3:03 PM Fernando Gont <fgont@si6networks.com
> <mailto:fgont@si6networks.com>> wrote:
> 
>     On 18/4/19 15:45, Eric Rescorla wrote:
>     >
>     >
>     > On Tue, Apr 16, 2019 at 2:07 AM Fernando Gont
>     <fgont@si6networks.com <mailto:fgont@si6networks.com>
>     > <mailto:fgont@si6networks.com <mailto:fgont@si6networks.com>>> wrote:
>     >
>     >     Folks,
>     >
>     >     At the last secdispatch meeting I presented our I-D
>     >     draft-gont-predictable-numeric-ids.
>     >
>     >     >From the meeting discussion, it would seem to me that there
>     is support
>     >     for this work.
>     >
>     >     It would also seem to me that part of this work is to be
>     pursued in an
>     >     appropriate IRTF rg, while the update to RFC3552
>     >     (draft-gont-numeric-ids-sec-considerations) should be pursued
>     as an
>     >     AD-sponsored document.
>     >
>     >
>     > I'm somewhat skeptical on an update to 3552; the proposed set of
>     things
>     > to be improved seems unclear.
> 
>     Can you please state what's unclear?
> 
> 
> I understand the list of things in your document. However, there have
> been proposals for a larger revision to 3552.

There was an effort to revise RFC3552. It just didn't happen. Looks like
trying to boil the ocean wasn't the best idea.




>     > I don't think that the material in this document should be added to
>     > 3552, as the purpose of 3552 is not really to go into that kind of
>     > detail about any specific topic.
> 
>     What I would expect is that RFC3552 helps prevent us from coming up with
>     vulnerable implementations.
> 
> 
> This is not the purpose of 3552. Rather, it is to document what is
> required in a security considerations section in general (the threat
> model, an overview of common issues, etc.)  rather than to go into
> detail about a specific kind of attack. Otherwise, the amount of detail
> would become impractical. Indeed, just covering the space of attacks on
> cryptographic protocols would be impractical. One might imagine that if
> there were a revision it would contain a paragraph or three on this
> topic, but nowhere near the 30-odd pages of material that is in this
> document, and I don't think it's independently a reason to do a 3552
> revision.

You seem to be looking at the wrong document. The document in question
is this one:
https://tools.ietf.org/html/draft-gont-numeric-ids-sec-considerations-03

It's a total of 9 pages. If you remove abstract, boilerplate, and
references, you end up with ~4 pages. In fact, the update (and
indispensable text) is that in Section 5, and boils down to:

---- cut here ----
5.  Security and Privacy Requirements for Identifiers

   Protocol specifications that specify transient numeric identifiers
   MUST:

   1.  Clearly specify the interoperability requirements for the
       aforementioned identifiers.

   2.  Provide a security and privacy analysis of the aforementioned
       identifiers.

   3.  Recommend an algorithm for generating the aforementioned
       identifiers that mitigates security and privacy issues, such as
       those discussed in [I-D.gont-predictable-numeric-ids].
---- cut here ----



>     That said, this document is *updating* RFC3552, rather than a revision
>     of RFC3552. Therefore, the content in this document wouldn't become part
>     of RFC3552, necessarily.
> 
> 
> Well, the semantics of "Updates" would be somewhat confusing here.
> Certainly I don't think that this document is something we need to
> transitively incorporate into 3552, but I care a lot less about the
> contents of this header than I do about whether 3552 should be updated
> to include this material.

I do think RFC3552 should be updated as indicated (this stuff is general
enough to be covered there).

That said, the high-order bit here is to do something to prevent the bad
history we have wrt numeric ids from repeating itself.

If the whole point is that you'd like the "Updates: 3552 (if approved)"
header to be removed (along with references to "updating RFC3552"),
please say so. What we care about is to produce a change in what
specifications do with respect to numeric ids, rather than that what
specific document we are updating.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492