[secdir] Secdir review of draft-gont-numeric-ids-sec-considerations-06

Charlie Kaufman <charliekaufman@outlook.com> Sat, 02 January 2021 22:25 UTC

From: Charlie Kaufman <charliekaufman@outlook.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-gont-numeric-ids-sec-considerations.all@ietf.org" <draft-gont-numeric-ids-sec-considerations.all@ietf.org>
Thread-Topic: Secdir review of draft-gont-numeric-ids-sec-considerations-06
Date: Sat, 02 Jan 2021 22:25:06 +0000
Message-ID: <MW2PR1901MB46833CA29CAF359CA145963CDFD40@MW2PR1901MB4683.namprd19.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/sQng3uScgEGcQzI4S2hCpBksois>
Subject: [secdir] Secdir review of draft-gont-numeric-ids-sec-considerations-06
List-Id: Security Area Directorate <secdir.ietf.org>

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document (with intended status of BCP) offers (necessarily) vague advice on what specs should say about the selection of transient numeric identifiers used in networking protocols (like TCP sequence numbers, DNS TxIDs, IP Fragment Identifiers, etc.). It updates RFC 3552 ("Guidelines for Writing RFC Text on Security Considerations") in the sense that it offers additional guidance for information to be included in security considerations, though it more importantly offers guidance on how the text prescribing how these transient identifiers are chosen should be specified. The security considerations might include a justification of why those algorithms are appropriate.

Essentially, it says that when picking transient numeric identifiers, beware of leaking information about other things going on at the node choosing the identifiers to either eavesdroppers or to the legitimate target of the communication (or making it possible for someone off-path to guess the identifiers being used and forge packets). There is ample history of implementers making bad choices in this space to warrant getting the advice out there. My only reservation with this document is that it would be nice if the advice could be somewhere more visible (e.g., in some future update to RFC3552).

There are three other I-Ds in process with closely related content; it would be kind to readers if these could be combined into one. They are: draft-gont-predictable-numeric-ids, draft-irtf-pearg-numeric-ids-generation, and draft-irtf-pearg-numeric-ids-history. It's hard to imagine a reader of any one of these who would not benefit from reading the others.


Typos:

p6 Section 4: "to be a predictable" -> "to be predictable"
"identifiers in other context" -> "identifiers in another context"

--Charlie
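The leak the review summarises (a transient identifier drawn from one global counter tells a remote peer how many identifiers the node handed out to everyone else in between) can be made concrete with a small simulation. The following is an added example, not code from the draft, from the reviewer, or from any IETF document: it puts a naive global-counter generator beside a keyed per-flow-offset generator modelled on the RFC 6528 / RFC 7739 construction (identifier = per-flow counter + F(flow tuple, secret) mod 2^16), and measures what a probing peer can infer from two of its own identifiers. The class names, the `flow` tuple shape, the 16-bit identifier width, and the `observed_gap` helper are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets

ID_BITS = 16                 # assumption: a 16-bit identifier (IPv4 Fragment ID size)
ID_MASK = (1 << ID_BITS) - 1


class GlobalCounterIds:
    """Naive scheme: a single counter shared by every flow.

    This is the pattern the draft warns about: consecutive identifiers
    handed to one peer reveal how many were issued to other peers.
    """

    def __init__(self, start=0):
        self._next = start & ID_MASK

    def next_id(self, flow):
        value = self._next
        self._next = (self._next + 1) & ID_MASK
        return value


class PerFlowOffsetIds:
    """Keyed per-flow offset plus per-flow counter (RFC 6528 / RFC 7739 style).

    id = (counter[flow] + F(flow, secret)) mod 2^ID_BITS, where F is a
    keyed hash. Identifiers stay unique and monotonic within a flow, but an
    observer of one flow learns nothing about the counters of other flows
    and cannot derive the offset of a flow it is not party to.
    """

    def __init__(self, secret=None):
        # Secret is per-node and must be unpredictable; regenerate on boot.
        self._secret = secret if secret is not None else secrets.token_bytes(16)
        self._counters = {}

    def _offset(self, flow):
        # F(flow, secret): HMAC over the flow tuple, truncated to ID_BITS.
        msg = "|".join(str(part) for part in flow).encode()
        digest = hmac.new(self._secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[: (ID_BITS + 7) // 8], "big") & ID_MASK

    def next_id(self, flow):
        counter = self._counters.get(flow, 0)
        self._counters[flow] = (counter + 1) & ID_MASK
        return (counter + self._offset(flow)) & ID_MASK


def observed_gap(generator, probe_flow, other_flows):
    """What a remote peer on `probe_flow` can infer from two of its own IDs.

    Simulates: the peer receives one identifier, the node then serves
    `other_flows` (traffic the peer is not party to), and the peer receives
    a second identifier. Returns the number of identifiers the peer can
    conclude were issued to others in between (modular arithmetic handles
    counter wrap-around). A value equal to len(other_flows) means the
    scheme leaks the node's activity; 0 means the peer learned nothing.
    """
    first = generator.next_id(probe_flow)
    for flow in other_flows:
        generator.next_id(flow)
    second = generator.next_id(probe_flow)
    return (second - first - 1) & ID_MASK


if __name__ == "__main__":
    # Constructed sample: a prober on flow A while five packets go to flow B.
    probe = ("192.0.2.10", 40000, "198.51.100.7", 443)
    others = [("192.0.2.10", 40000, "203.0.113.9", 53)] * 5

    print("global counter leaks:", observed_gap(GlobalCounterIds(start=100), probe, others))
    print("per-flow offset leaks:", observed_gap(PerFlowOffsetIds(), probe, others))
```

Run as a script the global-counter generator reports a gap of 5 (the exact number of identifiers issued to the other peer), while the per-flow generator reports 0 regardless of how much other traffic the node carried, which is the property the draft asks specifications to require and to justify in their security considerations.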