Re: [saag] Identifier uniqueness and draft-gont-predictable-numeric-ids
Programa STIC <stic@fundacionsadosky.org.ar> Thu, 07 April 2016 22:37 UTC
Return-Path: <stic@fundacionsadosky.org.ar>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D60312D5E7 for <saag@ietfa.amsl.com>; Thu, 7 Apr 2016 15:37:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fundacionsadosky.org.ar
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2a0euXXWS092 for <saag@ietfa.amsl.com>; Thu, 7 Apr 2016 15:37:16 -0700 (PDT)
Received: from mail-qg0-x234.google.com (mail-qg0-x234.google.com [IPv6:2607:f8b0:400d:c04::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 004AC12D154 for <saag@ietf.org>; Thu, 7 Apr 2016 15:37:15 -0700 (PDT)
Received: by mail-qg0-x234.google.com with SMTP id j35so76631758qge.0 for <saag@ietf.org>; Thu, 07 Apr 2016 15:37:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fundacionsadosky.org.ar; s=google; h=sender:subject:to:references:from:organization:reply-to:message-id :date:user-agent:mime-version:in-reply-to; bh=rhCSM4zBKBITE48+RD5RawwqixUIt/bOq5zgTsojCPU=; b=LOivO8ROLaD8HeD6omn3+CLX5tyFPHaPJqUIuf1tM5dJCyr+JU1SvaNcHwJYchI6z4 L70E/CtU4jc+HZUIMdvjW9BR+FlQYAeFMUuxslVZyzXMQffFJeppsMJyZzAn73aCd92E jxfcR8n8delNBO4/6/xZ4hZyb7DNGEmT4bi2A=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:subject:to:references:from:organization :reply-to:message-id:date:user-agent:mime-version:in-reply-to; bh=rhCSM4zBKBITE48+RD5RawwqixUIt/bOq5zgTsojCPU=; b=N1YQrcT7IqDmTh0LgYz3Kt7jU8jI/WQ45KNYM6QhpEZGtHLyqtU+HpBmaxus6OPWcb PiHBiQcDXfKBSIJw9E1T0BmiUWYyOoA2RApLh9D9tdXgjMcAC92qihg+lTzZS/ke7anR Y5CTWkgBzWYbv7gnls80o4S9Tmy3eq+SVHtwfIzZIH2ckEo4BlmBNIGYMQay/XDG781E 3J4Jpe4wV1JmON7wL5W5GvxmszOUAsTwbbJvY/AxQcrLx5EeaE9KAzCRbDAwbSJl0q4B aiqMQRCLYGcJhrQgiBobQ29nkRNGaN96nBuU7o84Sirk5DxmRZDDawTaHiHiJfLk5zCv Ne3A==
X-Gm-Message-State: AD7BkJLEbY27gJZxc3CzdtndzuEg1UKHybSIIkyrROz9dLrsGrUM9JzqzyTQNGEK04x9Hg==
X-Received: by 10.140.152.78 with SMTP id 75mr7397825qhy.22.1460068635077; Thu, 07 Apr 2016 15:37:15 -0700 (PDT)
Received: from [192.168.1.4] (host11.186-108-126.telecom.net.ar. [186.108.126.11]) by smtp.googlemail.com with ESMTPSA id w32sm4325711qge.12.2016.04.07.15.37.13 for <saag@ietf.org> (version=TLSv1/SSLv3 cipher=OTHER); Thu, 07 Apr 2016 15:37:13 -0700 (PDT)
Sender: Ivan Arce <iarce@fundacionsadosky.org.ar>
To: saag <saag@ietf.org>
References: <CABkgnnWQJSPvx1gR6GtR1NmgB8w6cHCUNxkN6VhxJOBPuWFXHQ@mail.gmail.com>
From: Programa STIC <stic@fundacionsadosky.org.ar>
Organization: Fundación Dr. Manuel Sadosky
Message-ID: <5706E10C.6060309@fundacionsadosky.org.ar>
Date: Thu, 07 Apr 2016 19:37:00 -0300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 Lightning/4.0.6
MIME-Version: 1.0
In-Reply-To: <CABkgnnWQJSPvx1gR6GtR1NmgB8w6cHCUNxkN6VhxJOBPuWFXHQ@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="24UqfulHVcIJIXktOvbatuQ5SFAU2ex4S"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/mpcZpfNKorfUZPCOAOGF3bUSgWA>
Subject: Re: [saag] Identifier uniqueness and draft-gont-predictable-numeric-ids
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: stic@fundacionsadosky.org.ar
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2016 22:37:18 -0000
Hello Martin, thanks for your comments, see mine inline El 7/4/16 a las 15:44, Martin Thomson escribió: > I feel that the treatment of identifiers and the resulting taxonomy > needs to be considered differently. > > Identifiers inherently need to uniquely identify things. That is, > each identifier needs to identify a single thing [48]. I believe that > to be constant across these examples, though there might be some > confusion about what is being identified. Indeed, identifiers identify things _within a given context_. To avoid a recursive definition and to try to narrow down the scope of the document just to numeric ids we defined "identifier" in section 2 as: A data object in a protocol specification that can be used to definetely distinguish a protocol object (a datagram, network interface, transport protocol endpoint, session, etc) from all other objects of the same type, in a given context. Identifiers are usually defined as a series of bits and represented using integer values. We note that different identifiers may have additional requirements or properties depending on their specific use in a protocol. We use the term "identifier" as a generic term to refer to any data object in a protocol specification that satisfies the identification property stated above. We believe the above definition should capture accurately what you wrote. Note however that we introduced the "within context" qualifier because an identifier value could be repeated in different contexts and still identify a unique thing in each of them, i.e. the value of the IPv4 ip_id generated by an IP stack could be repeated over time its running but it would still identify a single packet during its lifetime on the network. If you feel the above definition needs to be tweaked please let us know of suggested changes. One possible change could be to substitute "definetely" with "uniquely" but I don't know if that's strictly necessary. > The example of v6 flow > labels suggests to me that the thing being labelled is not a single > flow, but the set of flows that will be collated. This I will need to look into, for now I defer to Fernando to comment on. > > What differs is the process by which uniqueness is guaranteed. > Uniqueness in many contexts is assured by fiat: an authority is known > to control a given space and only that authority can generate > identifiers in that space. For example, a server controls what the > TCP port numbers its servers use identify. Centralized, delegated, federated or distributed generation of identifier values does not guarantee uniquess per se, its all dependent on the algorithms used. In some scenarios, for example a central authority that generates identifiers on demand, some algorithms will guarantee uniqueness (ie. a global variable initialized and incremented by 1 for each request of a new id) while in other scenarios other algorithms may accomplish the same (ie. a lookup on a table of precomputed values). However, the point we are trying to raise is that from the security & privacy perspective, in many cases uniqueness is not sufficient. In many cases non-predictability and collision resistance are additional properties desired or even needed to avoid attack. During the session today somebody (sorry I did not write down your name) indicated that perhaps it is good to differentiate identifier values that are generated at "spec time" or/and that remain fixed throughout the lifetime of the protocol from those that are generated dynamically at runtime by the protocol's implementation. I concur. Our draft seeks to analyze S&P issues with the latter and present some guidelines to both designers and implementors on how to spec identifiers and how to select suggested algorithms for implementation. > > We have a few examples where uniqueness is distributed (e.g., CGA) and > protocol mechanisms are used to ensure uniqueness. There are specific > privacy and security considerations that arise from having a protocol > mechanism, so this method of arriving at uniqueness warrants some > discussion because it entails a new protocol, but I don't believe that > it justifies the hard/soft distinction in the proposed taxonomy. The hard/soft distinction in the draft is applied to interoperability. We what to use the distinction to point out that there isn't bijection between interop failure modes and S&P failure modes. What may be considered a "soft failure" for interoperability (ie. a id collision on a DNS id) may end up being one or more "hard" failures or serious problems in the security & privacy context (ie. DNS cache poisoning). On the other hand, hard failures in interoperability almost always imply a vulnerability to denial of service attack. What I took out from today's session is that we may need to make this mapping more explicit. > > Finally, the monotonically increasing category is not particularly > special. The identifier (e.g., a TCP sequence number) still uniquely > identifies a subject (in this case, the first octet of a segment). > The process for ensuring uniqueness is merely different. We believe it is indeed special. The point here is that requiring monotonically increasing values for a identifier introduces additional, and sometimes unneeded, property: an ordering relationship. The result is a protocol field that is "semantically overloaded", it is not just unique but can also be used to order bytes, or even to order sequences of bytes. In some cases this property is needed or desirable, in other cases it is totally unneeded. Again, here we can see how a global counter incremented by 1 per packet does something more than just ensure uniqueness. A protocol that defines an Identifier that needs to be unique (within context) but specifies generation of its values using a monotonically increasing sequence is "over specifying" the ID definition and should trigger a warning in a S&P review. Likewise a a protocol that defines an Identifier that needs to be unique but does not properly describe the context or provide guidance on how to achieve is under specified. Thanks for your feedback, -ivan
- Re: [saag] Identifier uniqueness and draft-gont-p… Fernando Gont
- Re: [saag] Identifier uniqueness and draft-gont-p… Fernando Gont
- Re: [saag] Identifier uniqueness and draft-gont-p… Fernando Gont
- [saag] Identifier uniqueness and draft-gont-predi… Martin Thomson
- Re: [saag] Identifier uniqueness and draft-gont-p… Adam Montville
- Re: [saag] Identifier uniqueness and draft-gont-p… Programa STIC
- Re: [saag] Identifier uniqueness and draft-gont-p… Martin Thomson
- Re: [saag] Identifier uniqueness and draft-gont-p… Fernando Gont
- Re: [saag] Identifier uniqueness and draft-gont-p… Fernando Gont
- Re: [saag] Identifier uniqueness and draft-gont-p… Martin Thomson
- Re: [saag] Identifier uniqueness and draft-gont-p… Fernando Gont