Re: [secdir] secdir review of draft-ietf-alto-protocol
"Dan Harkins" <dharkins@lounge.org> Tue, 18 February 2014 21:37 UTC
Return-Path: <dharkins@lounge.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A0B61A04B1; Tue, 18 Feb 2014 13:37:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.867
X-Spam-Level:
X-Spam-Status: No, score=-3.867 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vHhGOwvHS07T; Tue, 18 Feb 2014 13:37:55 -0800 (PST)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id E6FDD1A026D; Tue, 18 Feb 2014 13:37:54 -0800 (PST)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id D2FDE10224008; Tue, 18 Feb 2014 13:37:51 -0800 (PST)
Received: from 209.29.74.150 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Tue, 18 Feb 2014 13:37:52 -0800 (PST)
Message-ID: <aa67917b07c3157f039f8572c0c4f2e6.squirrel@www.trepanning.net>
In-Reply-To: <CADOmCZUMuzFQb6fN5bprh1E4GuJBerT3FjVc0Ek01_+2E9JhfQ@mail.gmail.com>
References: <23845_1391280851_s11IsAD0008772_cd3fb9f2748d08183af6652c0d58f61a.squirrel@www.trepanning.net> <1391369584.4360.72.camel@destiny.pc.cs.cmu.edu> <943e83dcb64a8666ea82900f013b2b9b.squirrel@www.trepanning.net> <CADOmCZX0a65F5dmiEf2Ayfx5FNc8nJ2Qvm7pPo0dL5NBrneD8w@mail.gmail.com> <ab03c2f49d11624502d39627e42e7018.squirrel@www.trepanning.net> <CADOmCZUMuzFQb6fN5bprh1E4GuJBerT3FjVc0Ek01_+2E9JhfQ@mail.gmail.com>
Date: Tue, 18 Feb 2014 13:37:52 -0800
From: Dan Harkins <dharkins@lounge.org>
To: Richard Alimi <ralimi@google.com>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/URZatTt2KQUUhWvHo1dmqVRu43o
Cc: iesg@ietf.org, "draft-ietf-alto-protocol.all@tools.ietf.org" <draft-ietf-alto-protocol.all@tools.ietf.org>, secdir@ietf.org, Jeffrey Hutzelman <jhutz@cmu.edu>
Subject: Re: [secdir] secdir review of draft-ietf-alto-protocol
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Feb 2014 21:37:57 -0000
Hi Richard, On Mon, February 17, 2014 1:46 pm, Richard Alimi wrote: > On Mon, Feb 17, 2014 at 6:38 AM, Dan Harkins <dharkins@lounge.org> wrote: > >> >> Hi RIchard, >> >> On Sun, February 9, 2014 11:03 pm, Richard Alimi wrote: >> > On Sun, Feb 2, 2014 at 7:08 PM, Dan Harkins <dharkins@lounge.org> >> wrote: >> > >> >> >> >> On Sun, February 2, 2014 11:33 am, Jeffrey Hutzelman wrote: >> >> > On Sat, 2014-02-01 at 10:54 -0800, Dan Harkins wrote: >> >> > >> >> >> Also, given those >> >> >> restrictions and the fact that a tag just has to be less than >> >> >> or equal to 64 octets, the probability of identical tags >> being >> >> >> used is not zero. I think the probability of the tag from >> >> >> example 11.3.1.7 is 0.5 to collide with one of just 460 >> >> >> other Network Maps. >> >> >> >> >> >> I suggest requiring a tag to be 64 octets. That will make >> >> >> even money probability of collision among nearly 3000 >> >> >> other Network Maps, which is safer. >> >> > >> >> > OK, maybe I'm confused and reading out of context here. But I once >> >> had >> >> > someone tell me I needed to change my 5-character username because >> >> they >> >> > were requiring all usernames to be at least 6 characters, _in order >> to >> >> > increase the number of possible usernames_. That is, they claimed >> >> they >> >> > were increasing the size of a namespace by eliminating possible >> names. >> >> >> >> Well that's a hair brained policy, but username selection is not a >> >> good >> >> analogy. I was at a company that had no strict requirements on a >> >> username >> >> so there should have been a near infinite size of the namespace. But >> we >> >> had >> >> a collision when the company had less than 10 employees because there >> >> was another "dan" at the company. >> >> >> >> > The point is, if a tag is required to be exactly 64 octets, you get >> >> > 0x5e^64 possible tags. But if it is required to be up to 64 >> octets, >> >> you >> >> > get Sum(i=0..64) 0x5e^i possible tags, which is strictly greater >> than >> >> > 0x5e^64. So, requiring a tag to be 64 octets _reduces_ the number >> of >> >> > possible tags, thereby increasing the chance of collision. >> >> >> >> That would be the case if all tags in the Sum(i=1..64) 0x5e^i >> tagspace >> >> were equally probable of being chosen. Which implies implementations >> >> choosing a random tag length for each tag generated in addition to a >> >> random tag selection scheme for the randomly chosen length. I >> suspect, >> >> though, that in practice the tag length will be fixed for a >> particular >> >> implementation and the tag selection scheme will not necessarily be >> >> random. So the herd mentality, plus the proliferation of one or two >> >> companies' ALTO servers, will result in a severely reduced size of >> the >> >> effective tagspace and the increased possibility of collisions. >> >> >> >> A tag generated as SHA256(NetworkMap) represented in 64 hex >> >> characters would basically guarantee you'd never have a collision. >> >> Saying, "it can be anything you want as long as it's less than 64 >> >> octets" would not. >> >> >> > >> > Should I interpret your comment to say that we should to require >> > particular >> > mechanisms for generating version tags, or be more explicit about >> > suggesting mechanisms that have a low collision probability? >> >> Yes, I think you should. Suggestions on how to ensure a low >> probability of collision would be helpful. >> > > We've added the following text to section 10.3: > > It is RECOMMENDED that the tag have a low collision probability with other > tags. One suggested mechanism is to compute it using a hash of the data > content of the resource. That sounds great! >> >> > To help steer readers towards better implementation practices, we'll >> > change >> > the examples to use hashes in the version tags. >> >> That's a great idea. So people who implement ALTO and check >> the example will use hashes themselves and that will help ensure >> a low probability of collision. >> > > This change has been made to our copy in SVN. Fantastic. Thank you very much for your resolution to my comments. Dan. >> >> > Thank you again for the review! >> >> You're very welcome! >> >> regards, >> >> Dan. >> >> >> >
- [secdir] secdir review of draft-ietf-alto-protocol Dan Harkins
- Re: [secdir] secdir review of draft-ietf-alto-pro… Jeffrey Hutzelman
- Re: [secdir] secdir review of draft-ietf-alto-pro… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-alto-pro… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-alto-pro… Richard Alimi
- Re: [secdir] secdir review of draft-ietf-alto-pro… Richard Alimi
- Re: [secdir] secdir review of draft-ietf-alto-pro… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-alto-pro… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-alto-pro… Richard Alimi
- Re: [secdir] secdir review of draft-ietf-alto-pro… Richard Alimi
- Re: [secdir] secdir review of draft-ietf-alto-pro… Y. Richard Yang
- Re: [secdir] secdir review of draft-ietf-alto-pro… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-alto-pro… Dan Harkins