Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs
Randell Jesup <randell-ietf@jesup.org> Fri, 22 June 2012 03:02 UTC
Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF5A721F85E5 for <rtcweb@ietfa.amsl.com>; Thu, 21 Jun 2012 20:02:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.76
X-Spam-Level:
X-Spam-Status: No, score=-1.76 tagged_above=-999 required=5 tests=[AWL=0.839, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LzDaVpyS9xnW for <rtcweb@ietfa.amsl.com>; Thu, 21 Jun 2012 20:02:09 -0700 (PDT)
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com [173.236.101.58]) by ietfa.amsl.com (Postfix) with ESMTP id E83F721F85E4 for <rtcweb@ietf.org>; Thu, 21 Jun 2012 20:02:08 -0700 (PDT)
Received: from pool-108-16-41-249.phlapa.fios.verizon.net ([108.16.41.249] helo=[192.168.1.12]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <randell-ietf@jesup.org>) id 1Shu8O-0005TX-10 for rtcweb@ietf.org; Thu, 21 Jun 2012 22:02:08 -0500
Message-ID: <4FE3E00C.6090006@jesup.org>
Date: Thu, 21 Jun 2012 23:01:32 -0400
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <CABcZeBOGHimbibmQNOKrSEKqFRkq7Y1nWfSJJofP5eLZkJ+ULg@mail.gmail.com> <075C431A-A103-4C7E-9D4A-F80CB97DD9FB@csperkins.org> <BB321CED-DBDD-4E6F-997B-8490912F6315@iii.ca> <CABcZeBNvOJJL7YMk4jEQi5g=LbULiNob4LrxUuL-d-qO05_5PQ@mail.gmail.com> <CABkgnnUZOPygWgUQ7f4LnFEjOmQE2vA+KNic0gts3=MTHs8b8Q@mail.gmail.com> <0114FC22-FAE9-491D-8E5B-97A38F7714E7@csperkins.org> <CABcZeBMU4NNfmWRDXD30OmdvJLCSeJnQPgrkdLBFumepYsFoYg@mail.gmail.com> <A09FD671-5818-4881-9DD9-30FC0EA3D7EE@csperkins.org> <CALw1_Q2=4U7Fx2P5K448L2qcBjntgT_Yb4WwVEGwucE+RCj_1Q@mail.gmail.com> <CABcZeBPgz1s1jH=eRawyJ8d4OhyD2XeYjes37amaph=Hnx04Cg@mail.gmail.com>
In-Reply-To: <CABcZeBPgz1s1jH=eRawyJ8d4OhyD2XeYjes37amaph=Hnx04Cg@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r2-chicago.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
X-Source:
X-Source-Args:
X-Source-Dir:
Subject: Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jun 2012 03:02:09 -0000
On 6/21/2012 7:12 PM, Eric Rescorla wrote: > This matches my analysis. Mine also, and I agree a 64-bit cryptographically random number is safer against collision than the RFC 6222 value, unless you *want* to be able to reverse the operation to find the inputs. I agree with Justin that there's no reason we can see to implement RFC6222 instead of using a 64-bit random number per above, and plenty of reasons to use the 64-bit number. > On Thu, Jun 21, 2012 at 4:09 PM, Kevin Gross <kevin.gross@avanw.com> wrote: >> It seems like, pure random CNAMEs would have the same or better probability >> of uniqueness compared to the hashed values specified in 6222. I don't think >> it is difficult to prove this if you assume the hash function does what it's >> designed to and makes data white. 48 is not enough bits to ensure uniqueness >> of a large population of random numbers. If I remember correctly, 64 bits is >> where the statistics start to get comfortable. See >> http://en.wikipedia.org/wiki/Birthday_problem. Potentially there's a bigger >> problem here than linkability :( >> >> Kevin Gross >> >> On Thu, Jun 21, 2012 at 4:28 PM, Colin Perkins <csp@csperkins.org> wrote: >>> >>> On 21 Jun 2012, at 23:10, Eric Rescorla wrote: >>>> On Thu, Jun 21, 2012 at 2:54 PM, Colin Perkins <csp@csperkins.org> >>>> wrote: >>>>> On 21 Jun 2012, at 20:09, Martin Thomson wrote: >>>>>> On 21 June 2012 05:48, Eric Rescorla <ekr@rtfm.com> wrote: >>>>>>> On Thu, Jun 21, 2012 at 5:39 AM, Cullen Jennings <fluffy@iii.ca> >>>>>>> wrote: >>>>>>>> I think what EKR was getting at is that if A call B in one phone >>>>>>>> call, then day later A wants to make an anonymous call to B, B should not be >>>>>>>> able to tell the second call is coming from same devices. I think that was >>>>>>>> part of the goal of 6222 but from EKR's email it looks like it fails to >>>>>>>> provide that. >>>>>>> >>>>>>> Exactly. >>>>>> >>>>>> I agree with the analysis. The idea that the same browser could be >>>>>> correlated across two independent sessions bothers me. Within the one >>>>>> "session", fine - on the contrary, mandatory. Outside of that, I'd >>>>>> like at least an option for anonymity. >>>>> >>>>> Using SRTP to encrypt the traffic will stop third-parties correlating >>>>> the sessions, and RTCWeb is mandates SRTP and encryption. >>>> >>>> I'm concerned about tracking by people who are second parties. >>>> >>>> Consider the case where I call you from an anonymous phone at a domestic >>>> violence shelter. I record the CNAME and then call all the DV shelters until >>>> I determine which one has a CNAME from the same device. >>>> >>>>> RFC 6222 does define per-session RTCP CNAME values, if you're concerned >>>>> about the called party being able to correlate sessions based on the RTCP >>>>> CNAME. We could mandate those instead of short-term persistent RTCP CNAME >>>>> values. If that's not sufficient, then someone will need to write a draft >>>>> that defines a new RTCP CNAME generation algorithm, which this draft can >>>>> refer to. >>>> >>>> The problem is that those per-session CNAME values do not appear to be >>>> unlinkable. I.e., they are distinct but they are generated from the same >>>> underlying data with insufficient entropy to prevent someone who knows two >>>> CNAMEs from determining if they are from the same device. >>>> >>>> As far as new algorithm goes, is there some reason "Random" isn't good >>>> enoguh? >>> >>> >>> There's some discussion in RFC 3550 Section 6.5.1 and RFC 6222. It might >>> be possible to use a random choice, provided the same random value is used >>> across all sessions that need to be correlated, and the value is chosen to >>> be unique with high probability. I haven't thought about it in detail. In >>> any case, it's an update to RFC 3550 and RFC 6222, so someone will have to >>> write up the draft defining this. >>> >>> -- >>> Colin Perkins >>> http://csperkins.org/ -- Randell Jesup randell-ietf@jesup.org
- [rtcweb] Randomly-generated CNAMEs Eric Rescorla
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Colin Perkins
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Cullen Jennings
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Eric Rescorla
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Martin Thomson
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Colin Perkins
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Eric Rescorla
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Colin Perkins
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Eric Rescorla
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Eric Rescorla
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Justin Uberti
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Randell Jesup
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Dan Wing
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Harald Alvestrand
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Glen Zorn
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Kevin Gross
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Ali C. Begen (abegen)
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Kevin Gross
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Cullen Jennings
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Colin Perkins
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs DRAGE, Keith (Keith)
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Cullen Jennings
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Colin Perkins
- Re: [rtcweb] [AVTCORE] Randomly-generated CNAMEs Cullen Jennings