[Pearg] Review of draft-irtf-pearg-numeric-ids-history-01

Christopher Wood <caw@heapingbits.net> Sun, 29 March 2020 00:44 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 302C73A0C31 for <pearg@ietfa.amsl.com>; Sat, 28 Mar 2020 17:44:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.2
X-Spam-Status: No, score=-0.2 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=J5fjXBGf; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=uTP2D/KQ
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id rF6TGBj8ILhr for <pearg@ietfa.amsl.com>; Sat, 28 Mar 2020 17:44:53 -0700 (PDT)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 748613A0C35 for <pearg@irtf.org>; Sat, 28 Mar 2020 17:44:53 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal []) by mailout.west.internal (Postfix) with ESMTP id C47BD654 for <pearg@irtf.org>; Sat, 28 Mar 2020 20:44:51 -0400 (EDT)
Received: from imap4 ([]) by compute1.internal (MEProxy); Sat, 28 Mar 2020 20:44:51 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:date:from:to:subject:content-type; s= fm1; bh=ZXZHDplA/JOwLue/pw2j2LKyoQ6aal5CDWCTXnCBDdw=; b=J5fjXBGf vaT50t7gHl0LsSoQhC9iWrAP0YM5zMYmi8IS22BOutQsOk2UQJf5UNkhr0tZcVEd y1P8k9C+Kq3ssGJDnjOyS6H7BfyhvBwxkerfPLZj/joxCVsGloaG/HkmeLgUsDvY TgjUDYwfTFthuyOQF0n3TeAI/hxQ79YZ0TM9o+rGZ3rCgYk2XqsY7wX8RFuI2GpL fSVkNUEtWKfq3ivV2S/i15VeS2qDSOVkAT0/za2yJvUGidaqFLKBwhN+KDhHviH7 ZtPjAPLBLdQckztWMdsyciGc+W01pkdq974tKocHngnIq1paL+Js5xGPdV0i85u+ GM6mDrvZ5jPlMA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=ZXZHDplA/JOwLue/pw2j2LKyoQ6aa l5CDWCTXnCBDdw=; b=uTP2D/KQtjxrIy2ss5Dq2AbZp1nlsIXDvM8/ZuZUCaS57 BKoUpvwVuT3PKBBmwE1oVo4cVNqkKp2tOxVIIdA2A6sksuTSOY62VbnQNwD5yImD q3B2fcQF/QMoM7Vop0aznY6nngJZWnOjYnwl5MNiXQRzAdHyM+Twq0sX3rcWEZ36 RSzYjxsynEAVmFsRQkbHxHj0DBvaRTUK8Rqv//ogCfy47c7ApmAMxFRiNQWMuEFZ I4hRZaVAymFaXtOJkF2eo151Wg8Delj7FRBSSHKxwcqHFV/L9r7OV6FRajGOlALX XWlpKHVPEo85Uff4gq3S4fhSgs5oV/O8LnlIc6LBw==
X-ME-Sender: <xms:g-9_XrpQfjf9AcXsMg-zakrnALEusbBEMotc9URpR2d49ho7OjIa4g>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrudeivddgvdeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfffhffvufgtsehttdertd erredtnecuhfhrohhmpedfvehhrhhishhtohhphhgvrhcuhghoohgufdcuoegtrgifsehh vggrphhinhhgsghithhsrdhnvghtqeenucffohhmrghinhepihgvthhfrdhorhhgnecuve hluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheptggrfieshhgv rghpihhnghgsihhtshdrnhgvth
X-ME-Proxy: <xmx:g-9_Xh9FSYJ-tVfGeKuqhtuGPX685DXI3NHUJMj9xGQcw21wwH-9VA> <xmx:g-9_Xp3q1aGEXzb3ERH5e3JLq5PW6fqibo-7xEa60zVkfG1Dcwvgrg> <xmx:g-9_XsCx3tDP8HKvmShWM1muSpEviFvaMJw7Yn6WqgR2leoR18Cx1Q> <xmx:g-9_Xhu4fYx2bxadxcX-SQD5NDKwDC93kBE-FyqvJ-rHZRz2ENXj3w>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 0DA423C00A1; Sat, 28 Mar 2020 20:44:51 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-1021-g152deaf-fmstable-20200319v1
Mime-Version: 1.0
Message-Id: <819285e9-f34e-4815-a046-852c453d23f8@www.fastmail.com>
Date: Sat, 28 Mar 2020 17:44:30 -0700
From: "Christopher Wood" <caw@heapingbits.net>
To: pearg@irtf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/iOAyuVRrwbODpeaSUfLKq7Es_0Q>
Subject: [Pearg] Review of draft-irtf-pearg-numeric-ids-history-01
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Mar 2020 00:44:55 -0000

Document: draft-irtf-pearg-numeric-ids-history-01 [https://tools.ietf.org/id/draft-irtf-pearg-numeric-ids-history-01.txt]

Assessment: Almost ready

Thanks for putting this information together! I think the analysis and timeline are 
a testament to the importance and subtleties of numeric identifier generation. 
The amount of detail is quite comprehensive. Even if there are glaring omissions,
I think the overall point is made clear.

I only have some high level comments on the document, along with several nits. 
(If it'd be easier, and if you have the repository on GitHub, I can submit a PR 
for the nits.)


- Section 2: Neither hard nor soft failures are used in the document. Can we just remove 
these terms altogether?
- Section 3: Perhaps it's worth mentioning that we consider the standard Dolev-Yao 
style attacker as outlined in RFC3552?
- Section 5, second paragraph: It looks the start of this sentence (or paragraph)
was accidentally deleted:

   he interoperability requirements for TCP ISNs are probably not
   clearly spelled out as one would expect.  

- Abstract: "implications" seems like the wrong word. Perhaps "properties" can be
used instead? (That is, identifiers can affect security and privacy properties, not
affect *implications*. This is what's used in Section 1, too.)
- Section 1: s/the poor selection of the aforementioned/poor selection of numeric
- Section 1: The sentence, "While it is generally possible... is non-trivial" seems like
it can come at the *end* of the introduction, or removed altogether as it's redundant
with a later sentence in the same section.
- Section 1 (and elsewhere): and/or is not a word -- please use or.
- Section 1: it might help to clarify what is an "inappropriate" algorithm.
- Section 1: s/The analysis of such timelines indicate that/This analysis indicates that
- Section 4: s/The above mas been/The above has been
- Section 4: s/specification misses a/specification omits
- Section 4: s/This has resulted in virtually all/This resulted in many
- Section 4: In the December 2014 entry, it would be good to reference 
I-D.gont-6man-predictable-fragment-id specifically rather than say "the aforementioned
IETF Internet Draft".
- Section 5: s/leads to negative security and privacy implications/harms security 
and privacy properties (Let's make this change through the document, please!)
- Section 6: s/replacement of such flawed scheme/replacement of this flawed scheme
- Section 6: s/wg item of the 6man wg/WG item of the 6man WG (capitalize WG here and elsewhere)
- Section 7: s/The NTP [RFC5905] is employed to avoid/NTP [RFC5905] avoids
- Section 8: s/The proposal experiments/The proposal experiences
- Section 10: s/This document analyzes the timeline of the specification of different types of "numeric identifiers" used in IETF protocols/This document analyzes the timeline of IETF protocol "numeric identifiers"