Re: [Tsv-art] [Pearg] Tsvart early review of draft-irtf-pearg-numeric-ids-generation-02

Eric Rescorla <ekr@rtfm.com> Thu, 27 August 2020 13:08 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E39483A0840 for <tsv-art@ietfa.amsl.com>; Thu, 27 Aug 2020 06:08:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Wy6udh4V8PZ for <tsv-art@ietfa.amsl.com>; Thu, 27 Aug 2020 06:08:40 -0700 (PDT)
Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B28B3A0890 for <tsv-art@ietf.org>; Thu, 27 Aug 2020 06:08:25 -0700 (PDT)
Received: by mail-lj1-x230.google.com with SMTP id t6so6323410ljk.9 for <tsv-art@ietf.org>; Thu, 27 Aug 2020 06:08:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0EjoH/4tqqYVFvuboezU+TQSQsYxRNUu4Auh4PD7uCQ=; b=phueja2Qzba8ZipiP5saXPluFYaonlwafcXQieHEy8tl7QC8w+c0y1OgWTYXH0GvEa 5DW22VG58jVyedx4nlu9t0/Pkx8F0CnnF+2/ViStycpfhmQ56F0h+3TG7rsInbbWu13y 0juZxE5DKP+BBZ02/chYwfcI1QGWZ/+/BJ0Kdj2cpxxpB3MYkBAES1Uh6ff1JXpX0/Vw IWrqMOSVvojv3XWbtAXTp9yDSw/JiDOHxa/LLNSYVFabYSV1ggzgsEAIJi8rtp1ylb8A W98wetOe+fvFi/MyrIpSHlcDy1uAVPTprYm1Ptl4sMCfUPxD17nUwGI5YlO6bDQLa5av eVNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0EjoH/4tqqYVFvuboezU+TQSQsYxRNUu4Auh4PD7uCQ=; b=VtdA/apghnoiwSkO38AjYlT2kj9Nvo9uvQshSXPha3zcCld7WXaj7qnD4YpOckQn6s xvAAfLmatPcceYv+yrx42fly62bzw6domdCRANO3kCQLd58gAjVIzwXMEDTTjA1ER/NE k3vaslBjrR0pPNLG9RITcxmDXHcrjpi57A9LQFQZQwv5sV3RPyVL9oDCmjPWrlKVRWF9 DmvXFZ0pjAFfA1mMhVnzVw5J7p55k1U7x0RW3Fkptwps2+dbNETvcnedsiobbAy5DKGp w+udHCTsb90sNs1sESXPR+At+BilXKLj4aqMKBie+Qio4yZgivWG5CuGN9llLrJRY+hx CrUQ==
X-Gm-Message-State: AOAM531r7ceJWXZMvRGQMpNbe6dRVwx95wiY26h8+SrmXuEZV/mORRtC 5zDNIuim9x7ZMGxDty2g3OF7zqP+sObotTeHd43f3g==
X-Google-Smtp-Source: ABdhPJyKlA0i5qGdpSuylWxFk6xOstg1qb2UR8NlPUdO86G+DflDc/SQkVhcxwQYO3Xdp8nLqkjA3IgLF1JNl3FxkrA=
X-Received: by 2002:a2e:908a:: with SMTP id l10mr9177759ljg.409.1598533703185; Thu, 27 Aug 2020 06:08:23 -0700 (PDT)
MIME-Version: 1.0
References: <159680292803.8931.4890868238678597521@ietfa.amsl.com> <44fcae41-96d8-d0e4-5b8e-cd4419a516a4@si6networks.com>
In-Reply-To: <44fcae41-96d8-d0e4-5b8e-cd4419a516a4@si6networks.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 27 Aug 2020 06:07:45 -0700
Message-ID: <CABcZeBNNiNZFavh82N4M5Kd1arLAYyvNRnw6M5_mMX7=S9BH8Q@mail.gmail.com>
To: Fernando Gont <fgont@si6networks.com>
Cc: =?UTF-8?Q?Michael_T=C3=BCxen?= <tuexen@fh-muenster.de>, tsv-art@ietf.org, draft-irtf-pearg-numeric-ids-generation.all@ietf.org, pearg@irtf.org
Content-Type: multipart/alternative; boundary="0000000000008a7e5205addba1f0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/pEjXyKVI9K-yBitNM4oSAwgjg_U>
Subject: Re: [Tsv-art] [Pearg] Tsvart early review of draft-irtf-pearg-numeric-ids-generation-02
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Aug 2020 13:08:43 -0000

On Thu, Aug 27, 2020 at 5:10 AM Fernando Gont <fgont@si6networks.com> wrote:

> Hi, Michael,
>
> Thanks a lot for your feedback! In-line...
>
> On 7/8/20 09:22, Michael Tüxen via Datatracker wrote:
> > Reviewer: Michael Tüxen
> > Review result: Ready with Issues
> >
> > The document is well written, provides algorithms which could be used to
> > address identified problems. One  could add some text covering TCP
> timestamps.
>
> You mean e.g. to spell out which of the proposed algorithms one might
> use for TCP timestamps?
>
>
> > Section 1 states:
> > "Recent history indicates that when new protocols are standardized or
> > new protocol implementations are produced, the security and privacy
> > properties of the associated identifiers tend to be overlooked,..."
> > How does this related to recent/current activities like SCTP/DTLS or
> QUIC?
>
> SCTP (RFC4960) is similar to TCP, in this respect. OTOH, I have only
> skimmed through the DTLS (RFC6347), and it seems that it initially sets
> sequence numbers to 0. -- while these are meant to be protected, I'm
> curious if they could have done with monotonically increasing sequence
> numbers ala 6528, or with a random origin.
>

We perhaps could have, but to our knowledge the security functionality of
the protocol does not depend on unpredictability of the Record Sequence
Number. The same is true of QUIC. Note that both QUIC and DTLS 1.3 protect
this portion of the header (QUIC calls it the Packet Number).

-Ekr