Re: [secdir] Secdir review of draft-gont-numeric-ids-sec-considerations-06
Fernando Gont <fgont@si6networks.com> Sun, 03 January 2021 02:57 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D295F3A1355; Sat, 2 Jan 2021 18:57:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qewlcGBbArNi; Sat, 2 Jan 2021 18:57:33 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5D203A1356; Sat, 2 Jan 2021 18:57:18 -0800 (PST)
Received: from [10.0.0.129] (unknown [186.19.8.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id ACBF2283BB4; Sun, 3 Jan 2021 02:57:13 +0000 (UTC)
To: Charlie Kaufman <charliekaufman@outlook.com>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-gont-numeric-ids-sec-considerations.all@ietf.org" <draft-gont-numeric-ids-sec-considerations.all@ietf.org>
References: <MW2PR1901MB46833CA29CAF359CA145963CDFD40@MW2PR1901MB4683.namprd19.prod.outlook.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <38b7232f-a516-dcee-e56c-43062357ecf8@si6networks.com>
Date: Sat, 02 Jan 2021 23:51:57 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <MW2PR1901MB46833CA29CAF359CA145963CDFD40@MW2PR1901MB4683.namprd19.prod.outlook.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/mBKim17fwpNwbYeFJsXd_2itOKA>
Subject: Re: [secdir] Secdir review of draft-gont-numeric-ids-sec-considerations-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Jan 2021 02:57:37 -0000
Hello, Charlie, Thanks a lot for your comments! In-line.... On 2/1/21 19:25, Charlie Kaufman wrote: [....] > Essentially, it says that when picking transient numeric identifiers, > beware of leaking information about other things going on at the node > choosing the identifiers to either eavesdroppers or to the legitimate > target of the communication (or making it possible for someone off-path > to guess the identifiers being used and forge packets). There is ample > history of implementers making bad choices in this space to warrant > getting the advice out there. My only reservation with this document is > that it would be nice if the advice could be somewhere more visible > (e.g., in some future update to RFC3552). > > There are three other I-Ds in process with closely related content; it > would be kind to readers if these could be combined into one. They are: > draft-gont-predictable-numeric-ids, > draft-irtf-pearg-numeric-ids-generation, and > draft-irtf-pearg-numeric-ids-history. It's hard to imagine a reader of > any one of these who would not benefit from reading the others. FWIW, this effort originally started as a single document that combined the three documents you reference (draft-gont-predictable-numeric-ids). However, at the time, when presenting this effort at the SAAG meeting, there was agreement that the orginal document (draft-gont-predictable-numeric-ids) contained different kinds of information (Informational-ish vs. BCP-ish) and thus we were instructed to split the original document in three pieces. Since then, each of the resulting pieces were progressed on their own, with two of them eventually being adopted by the PEARG, and this one (draft-gont-numeric-ids-sec-considerations) being progressed as an AD-sponsored document. > Typos: > > p6 Section 4: "to be a predictable" -> "to be predictable" > "identifiers in other context" -> "identifiers in another context" Will fix this in the next rev. Thanks a lot! Cheers, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- [secdir] Secdir review of draft-gont-numeric-ids-… Charlie Kaufman
- Re: [secdir] Secdir review of draft-gont-numeric-… Fernando Gont