Re: [Secdispatch] Numeric IDs: Update to RFC3552
Eric Rescorla <ekr@rtfm.com> Thu, 18 April 2019 23:10 UTC
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 18 Apr 2019 16:09:19 -0700
To: Fernando Gont <fgont@si6networks.com>
Cc: Iván Arce (Quarkslab) <iarce@quarkslab.com>, IETF SecDispatch <secdispatch@ietf.org>, pearg@irtf.org, secdispatch-chairs@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/y4lNCtICx4KQq00zeUujoATovko>

On Thu, Apr 18, 2019 at 3:03 PM Fernando Gont <fgont@si6networks.com> wrote:

> On 18/4/19 15:45, Eric Rescorla wrote:
> >
> > On Tue, Apr 16, 2019 at 2:07 AM Fernando Gont <fgont@si6networks.com> wrote:
> >
> >     Folks,
> >
> >     At the last secdispatch meeting I presented our I-D
> >     draft-gont-predictable-numeric-ids.
> >
> >     From the meeting discussion, it would seem to me that there is
> >     support for this work.
> >
> >     It would also seem to me that part of this work is to be pursued in
> >     an appropriate IRTF rg, while the update to RFC3552
> >     (draft-gont-numeric-ids-sec-considerations) should be pursued as an
> >     AD-sponsored document.
> >
> > I'm somewhat skeptical on an update to 3552; the proposed set of things
> > to be improved seems unclear.
>
> Can you please state what's unclear?

I understand the list of things in your document. However, there have been proposals for a larger revision to 3552. The proposed set of such revisions is unclear, and it's not clear to me why your document fits into such a revision.

> > I don't think that the material in this document should be added to
> > 3552, as the purpose of 3552 is not really to go into that kind of
> > detail about any specific topic.
>
> What I would expect is that RFC3552 helps prevent us from coming up with
> vulnerable implementations.

This is not the purpose of 3552. Rather, it is to document what is required in a security considerations section in general (the threat model, an overview of common issues, etc.) rather than to go into detail about a specific kind of attack. Otherwise, the amount of detail would become impractical. Indeed, just covering the space of attacks on cryptographic protocols would be impractical.

One might imagine that if there were a revision it would contain a paragraph or three on this topic, but nowhere near the 30-odd pages of material that is in this document, and I don't think it's independently a reason to do a 3552 revision.

> That said, this document is *updating* RFC3552, rather than a revision
> of RFC3552. Therefore, the content in this document wouldn't become part
> of RFC3552, necessarily.

Well, the semantics of "Updates" would be somewhat confusing here. Certainly I don't think that this document is something we need to transitively incorporate into 3552, but I care a lot less about the contents of this header than I do about whether 3552 should be updated to include this material.

-Ekr

> Thanks,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch