Re: [secdir] secdir review of draft-ietf-alto-protocol
Richard Alimi <ralimi@google.com> Mon, 17 February 2014 21:46 UTC
Return-Path: <ralimi@google.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 384171A0408 for <secdir@ietfa.amsl.com>; Mon, 17 Feb 2014 13:46:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.926
X-Spam-Level:
X-Spam-Status: No, score=-1.926 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BMKxtHEkM8nX for <secdir@ietfa.amsl.com>; Mon, 17 Feb 2014 13:46:55 -0800 (PST)
Received: from mail-ig0-x233.google.com (mail-ig0-x233.google.com [IPv6:2607:f8b0:4001:c05::233]) by ietfa.amsl.com (Postfix) with ESMTP id 25BAC1A02A3 for <secdir@ietf.org>; Mon, 17 Feb 2014 13:46:55 -0800 (PST)
Received: by mail-ig0-f179.google.com with SMTP id c10so5947550igq.0 for <secdir@ietf.org>; Mon, 17 Feb 2014 13:46:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=eFhdpKWqleT/XkGbBV15e06LTO9SJ4S+hbqexX4+Yfc=; b=FbznMSEBvR2kTMH/8CMWl1L1fpuIjqB4Xd5mFEwKK6KQobRbO1o3ohF6DiKsJMHB9o Vp4ULfHdJQjC3RMAyokxKocT64IEeD18ssQuH61JabvT2HYMiAotpa60gRheqaix+rAJ KF4GRx1RuErILWialE+bSLOhOrP0ALoFysuDfuavAbbAiohQFSAT8F3taMNDyxD6AK8I 83rZztNmPPF0CQ+RkWNINSZTOFCwEnGqz3VwVrCzSXl0EV+mN++ffS282h0UtZ/Rs/Hr BPSrY+GOb3ZNHv+ye6d2F84OXtLkVSN1/47/Sp8txRV1oOFkADcGhUiJ6n6TNgo6o3M0 VwiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=eFhdpKWqleT/XkGbBV15e06LTO9SJ4S+hbqexX4+Yfc=; b=cb5OMp95+vFEIVRf5WxmxUExpkQwoTf0rCUK48oo8gxxaSVG6YogUJD7ARvbZhky2S /xk6o/9jMpgCLqquz26w6nCuI6gAC4rwdPutLQeTSMX1UOUhwsl3QOIzZy4WyexXn6/S T1mnbr+9AHtbyBurNnFmcdIdKN9XRrwvhaFE85kJMETbebbpfHXkyDg66idiEZ6KOGNT BbDTdHFcb611vU9cLz/Zv/WjzFpv8dAKDH2YWSAewuhQr62PlC4tLhSwgGt8UlG+664s mjA07NfAPuY2erY0peCkuytkYvDKEc6NaaYwuLyfcxZrSlJ5zLJXUAW8Hd1OFUdstPdq M9Kw==
X-Gm-Message-State: ALoCoQm9p0tnoye36yIQtgjh9KeziNTi6HzD+FeSNtiYHlQXjJ8XlW0W5ajUgK0Os/B2FChgw7TGd7qLMmKxf53Dy32IAKdJ6Ce0dp8AYzWuDPJX+YkE/lwXHxlvE6oSfrOlTJdUPeCfIhaqHWAmZEat7l5bqOGpFyFZwRmW2OnJBF9dIJQ302kDt1uuBYSPCtNhH8VQxu9Y
X-Received: by 10.50.194.200 with SMTP id hy8mr8809567igc.25.1392673612266; Mon, 17 Feb 2014 13:46:52 -0800 (PST)
MIME-Version: 1.0
Received: by 10.64.56.228 with HTTP; Mon, 17 Feb 2014 13:46:22 -0800 (PST)
In-Reply-To: <ab03c2f49d11624502d39627e42e7018.squirrel@www.trepanning.net>
References: <23845_1391280851_s11IsAD0008772_cd3fb9f2748d08183af6652c0d58f61a.squirrel@www.trepanning.net> <1391369584.4360.72.camel@destiny.pc.cs.cmu.edu> <943e83dcb64a8666ea82900f013b2b9b.squirrel@www.trepanning.net> <CADOmCZX0a65F5dmiEf2Ayfx5FNc8nJ2Qvm7pPo0dL5NBrneD8w@mail.gmail.com> <ab03c2f49d11624502d39627e42e7018.squirrel@www.trepanning.net>
From: Richard Alimi <ralimi@google.com>
Date: Mon, 17 Feb 2014 13:46:22 -0800
Message-ID: <CADOmCZUMuzFQb6fN5bprh1E4GuJBerT3FjVc0Ek01_+2E9JhfQ@mail.gmail.com>
To: Dan Harkins <dharkins@lounge.org>
Content-Type: multipart/alternative; boundary="14dae934100df2a2a804f2a1170b"
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/VeWHaKNXiPbAOVAyL4aR6KbxdkQ
Cc: secdir@ietf.org, "draft-ietf-alto-protocol.all@tools.ietf.org" <draft-ietf-alto-protocol.all@tools.ietf.org>, iesg@ietf.org, Jeffrey Hutzelman <jhutz@cmu.edu>
Subject: Re: [secdir] secdir review of draft-ietf-alto-protocol
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Feb 2014 21:46:58 -0000
On Mon, Feb 17, 2014 at 6:38 AM, Dan Harkins <dharkins@lounge.org> wrote: > > Hi RIchard, > > On Sun, February 9, 2014 11:03 pm, Richard Alimi wrote: > > On Sun, Feb 2, 2014 at 7:08 PM, Dan Harkins <dharkins@lounge.org> wrote: > > > >> > >> On Sun, February 2, 2014 11:33 am, Jeffrey Hutzelman wrote: > >> > On Sat, 2014-02-01 at 10:54 -0800, Dan Harkins wrote: > >> > > >> >> Also, given those > >> >> restrictions and the fact that a tag just has to be less than > >> >> or equal to 64 octets, the probability of identical tags being > >> >> used is not zero. I think the probability of the tag from > >> >> example 11.3.1.7 is 0.5 to collide with one of just 460 > >> >> other Network Maps. > >> >> > >> >> I suggest requiring a tag to be 64 octets. That will make > >> >> even money probability of collision among nearly 3000 > >> >> other Network Maps, which is safer. > >> > > >> > OK, maybe I'm confused and reading out of context here. But I once > >> had > >> > someone tell me I needed to change my 5-character username because > >> they > >> > were requiring all usernames to be at least 6 characters, _in order to > >> > increase the number of possible usernames_. That is, they claimed > >> they > >> > were increasing the size of a namespace by eliminating possible names. > >> > >> Well that's a hair brained policy, but username selection is not a > >> good > >> analogy. I was at a company that had no strict requirements on a > >> username > >> so there should have been a near infinite size of the namespace. But we > >> had > >> a collision when the company had less than 10 employees because there > >> was another "dan" at the company. > >> > >> > The point is, if a tag is required to be exactly 64 octets, you get > >> > 0x5e^64 possible tags. But if it is required to be up to 64 octets, > >> you > >> > get Sum(i=0..64) 0x5e^i possible tags, which is strictly greater than > >> > 0x5e^64. So, requiring a tag to be 64 octets _reduces_ the number of > >> > possible tags, thereby increasing the chance of collision. > >> > >> That would be the case if all tags in the Sum(i=1..64) 0x5e^i tagspace > >> were equally probable of being chosen. Which implies implementations > >> choosing a random tag length for each tag generated in addition to a > >> random tag selection scheme for the randomly chosen length. I suspect, > >> though, that in practice the tag length will be fixed for a particular > >> implementation and the tag selection scheme will not necessarily be > >> random. So the herd mentality, plus the proliferation of one or two > >> companies' ALTO servers, will result in a severely reduced size of the > >> effective tagspace and the increased possibility of collisions. > >> > >> A tag generated as SHA256(NetworkMap) represented in 64 hex > >> characters would basically guarantee you'd never have a collision. > >> Saying, "it can be anything you want as long as it's less than 64 > >> octets" would not. > >> > > > > Should I interpret your comment to say that we should to require > > particular > > mechanisms for generating version tags, or be more explicit about > > suggesting mechanisms that have a low collision probability? > > Yes, I think you should. Suggestions on how to ensure a low > probability of collision would be helpful. > We've added the following text to section 10.3: It is RECOMMENDED that the tag have a low collision probability with other tags. One suggested mechanism is to compute it using a hash of the data content of the resource. > > > To help steer readers towards better implementation practices, we'll > > change > > the examples to use hashes in the version tags. > > That's a great idea. So people who implement ALTO and check > the example will use hashes themselves and that will help ensure > a low probability of collision. > This change has been made to our copy in SVN. > > > Thank you again for the review! > > You're very welcome! > > regards, > > Dan. > > >
- [secdir] secdir review of draft-ietf-alto-protocol Dan Harkins
- Re: [secdir] secdir review of draft-ietf-alto-pro… Jeffrey Hutzelman
- Re: [secdir] secdir review of draft-ietf-alto-pro… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-alto-pro… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-alto-pro… Richard Alimi
- Re: [secdir] secdir review of draft-ietf-alto-pro… Richard Alimi
- Re: [secdir] secdir review of draft-ietf-alto-pro… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-alto-pro… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-alto-pro… Richard Alimi
- Re: [secdir] secdir review of draft-ietf-alto-pro… Richard Alimi
- Re: [secdir] secdir review of draft-ietf-alto-pro… Y. Richard Yang
- Re: [secdir] secdir review of draft-ietf-alto-pro… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-alto-pro… Dan Harkins