[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Simple] Randomness of Message-ID in IMDN

To: Eric Rescorla <ekr at networkresonance.com>, Hisham Khartabil <hisham.khartabil at gmail.com>
Subject: Re: [Simple] Randomness of Message-ID in IMDN
From: Eric Burger <eburger at standardstrack.com>
Date: Thu, 15 May 2008 07:00:20 +0800
Cc: secdir at mit.edu, ietf at ietf.org, simple at ietf.org, iesg at ietf.org
Delivered-to: ietfarch-simple-web-archive at core3.amsl.com
Delivered-to: simple at core3.amsl.com
In-reply-to: <20080514172556.2819F5081A@romeo.rtfm.com>
List-archive: <http://www.ietf.org/pipermail/simple>
List-help: <mailto:simple-request@ietf.org?subject=help>
List-id: SIP for Instant Messaging and Presence Leveraging Extensions <simple.ietf.org>
List-post: <mailto:simple@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/simple>, <mailto:simple-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/simple>, <mailto:simple-request@ietf.org?subject=unsubscribe>
References: <20080503211234.0377B5081A@romeo.rtfm.com> <C5B56A4A-1901-41F6-B47E-C04F51D813E6@standardstrack.com> <20080514154217.28E375081A@romeo.rtfm.com> <28AB2CB7-DE19-42B0-906C-2D900FEDFB1A@standardstrack.com> <20080514172556.2819F5081A@romeo.rtfm.com>
Sender: simple-bounces at ietf.org

I think the proposed wording is excellent.  Unless there is objection  
(PLEASE take it to the SIMPLE list if one does, or wish to +1 it), I  
would offer we use this language exactly.

On May 15, 2008, at 1:25 AM, Eric Rescorla wrote:

> At Thu, 15 May 2008 00:25:38 +0800,
> Eric Burger wrote:
>> Thanks for your very, very quick review!  On the one open item for
>> discussion, Message-ID, I would offer (1) it is not a do-or-die
>> situation but that (2) using a cryptographically secure random number
>> generator. achieves the same result with better properties.  Again, I
>> will defer back to you: I know the work group will push back strong  
>> if
>> a cryptographically secure random number generator is a resource hog.
>>
>> Are there memory / CPU efficient cryptographically secure random
>> number generators?
>
> Yes. For instance, the NIST SP 800-90 PRNG requires order
> 256-512 bits of internal state and two hash operations for
> every hash-sized (160-512 bits) chunk of output. I would
> just use OpenSSL's cryptographically secure PRNG myself :)
>
>
>> Should we give guidance to the range of numbers
>> (i.e., 32-bits, 512-bits, 6 digits, etc.)?
>
> As I understand the situation, the sender the only person who has
> to rely on the uniqueness of this header, right?
>
>
> I would suggest instead of recommending a given number you explain
> what the issues are and why this has to be unpredictable.  Perhaps
> something like this:
>
>  Because the Message-ID is used by the sender to correlate IMDNs with
>  their respective IMs, the Message-ID MUST be selected so that:
>
>  (1) There is a minimal chance of any two Message-IDs accidentally
>  colliding within the time period within which an IMDN might be
>  received.
>
>  (2) It is prohibitive for an attacker who has seen one or more valid
>  Message-IDs to generate additional valid Message-IDs.
>
>  The first requirement is a correctness requirement to ensure correct
>  matching. The second requirement prevents off-path attackers from
>  forging IMDNs. In order to meet both of these requirements, it is
>  RECOMMENDED that Message-IDs be generated using a cryptographically
>  secure pseudorandom number generator (see [RFC 4086] and contain at
>  least 64 bits of randomness, thus reducing the chance of a
>  successful guessing attack to n/2^64, where n is the number of
>  outstanding valid messages. Another potential approach is to combine
>  a sequence number (providing uniqueness) with a cryptographic MAC
>  for unforgeability.
>
> Cheers,
> -Ekr
>
>
>
>

_______________________________________________
Simple mailing list
Simple at ietf.org
https://www.ietf.org/mailman/listinfo/simple

References:
- Re: [Simple] Re-review of draft-ietf-simple-imdn
  - From: Eric Burger
- [Simple] Randomness of Message-ID in IMDN
  - From: Eric Burger

Prev by Date: [Simple] Randomness of Message-ID in IMDN
Next by Date: [Simple] Protocol Action: 'Session Initiation Protocol (SIP) User Agent Capability Extension to Presence Information Data Format (PIDF)' to Proposed Standard
Previous by thread: [Simple] Randomness of Message-ID in IMDN
Next by thread: Re: [Simple] Randomness of Message-ID in IMDN
Index(es):
- Date
- Thread