Re: [siprec] Stephen Farrell's Discuss on draft-ietf-siprec-metadata-20: (with DISCUSS and COMMENT)

[Paul Kyzivat <pkyzivat@alum.mit.edu>]

On 3/2/16 11:45 AM, Stephen Farrell wrote:
>
> Hiya,
>
> (We're spiralling in on precision... :-)

Yeah. Hopefully it is a converging spiral. :-)

My goal is to be no more restrictive than necessary, and to be as 
concise as possible to achieve that while being clear. Sometimes it is 
hard to find the right balance. More below.

> On 02/03/16 16:26, Paul Kyzivat wrote:
>> On 3/2/16 10:47 AM, Stephen Farrell wrote:
>>>
>>>
>>> On 02/03/16 15:23, Paul Kyzivat wrote:
>>>> On 3/2/16 6:08 AM, Stephen Farrell wrote:
>>>>
>>>>> (2) 6.10: Don't you need to say to use UUID version 4 with
>>>>> random numbers and to not use MAC addresses?  IOW, refer to
>>>>> RFC4122, Section 4.4 for how to generate UUIDs.
>>>>
>>>> I don't think we want to restrict to the section 4.4 algorithm. SRCs may
>>>> need quite a lot of UUIDs. There is no reason to be using a random
>>>> number generator for each one.
>>>
>>> Using a good PRNG for this should be fine and is allowed by 4.4.
>>> There's no need to block on /dev/random for this anyway:-)
>>>
>>>> And there could be cases where two SRCs
>>>> that are cooperating on recording might want to algorithmically
>>>> synchronize their uuid generation. For both of these cases the
>>>> name-based algorithm can work well. For that to be safe it is only
>>>> necessary that the namespace be unique.
>>>>
>>>> So I would rather not be so proscriptive about *how* the UUIDs are
>>>> generated, as long as they avoid accidental collisions and collisions
>>>> due to malice.
>>>
>>> I'd be fine with allowing that too. I think the main thing is
>>> to exclude using MAC addresses. So maybe saying "Follow RFC4122,
>>> Section 4.3 or 4.4" would work?
>>
>> Looking carefully at 4122: IIUC your objection is to using the algorithm
>> in section 4.1? So 4.2 and 4.3 are ok. And I would think 4.5 is also ok?
>> (But not the NIL UUID.)
>
> Doesn't 4.2 use the node_id the same way as 4.1?
>
> 4.5 also seems fine.

My mistake. Section 4 has funny structure. 4.1 isn't one of the 
algorithms. 4.2 is *the* algorithm that uses the MAC.

So 4.2 is bad, 4.3-4.5 are ok.

>> If 4.3 is used, does it matter what algorithm is used to create the name
>> space ID?
>
> I guess it could, e.g. using an AoR might be a bad plan I
> suppose, whereas using a DNS name associated with the SRS
> could be a good plan, but I'm not sure what implementers
> would be likely to use here. If I were to guess, I'd guess
> that some name for the SRS would be ok.
>
> Perhaps another way to handle it would be to say "use
> 4122, sections 4.3, 4.4 or 4.5 but ensure that you don't
> use anything potentially personally identifying to
> generate the UUIDs, so if you follow 4.3 a name for the
> SRS might be a good choice."

I don't think it is good to say anything about the *name*. The part that 
obscures it is the name space id, which is another UUID. As long as the 
name space id is good the name can be anything the SRC likes that is 
locally unique.

So perhaps "use 4122, sections 4.3, 4.4 or 4.5 but ensure that you don't
use anything potentially personally identifying to generate the UUIDs, 
so if you follow 4.3 a name space ID generated using 4.2 or 4.5 might be 
a good choice."

Would that be ok?

	Thanks,
	Paul