From fgont at si6networks.com Thu Jan 14 02:33:41 2021
From: fgont at si6networks.com (Fernando Gont)
Date: Thu, 14 Jan 2021 02:33:41 -0300
Subject: [LACNIC/Seguridad] Review of "On the Generation of Transient Numeric Identifiers" (Fwd: [Pearg] I-D Action: draft-irtf-pearg-numeric-ids-generation-06.txt)
In-Reply-To: <161058975268.21910.2538803524550539674@ietfa.amsl.com>
References: <161058975268.21910.2538803524550539674@ietfa.amsl.com>
Message-ID:

Dear all,

FYI: "On the Generation of Transient Numeric Identifiers"
URL: https://tools.ietf.org/html/draft-irtf-pearg-numeric-ids-generation-06

This one really needs reviews, since there is plenty of material in
which to slip up.

Your comments will be welcome!

P.S.: https://www.youtube.com/watch?v=O-rWzUps2x0

Regards, and thanks!
Fernando

-------- Forwarded Message --------
Subject: [Pearg] I-D Action: draft-irtf-pearg-numeric-ids-generation-06.txt
Date: Wed, 13 Jan 2021 18:02:32 -0800
From: internet-drafts at ietf.org
Reply-To: pearg at irtf.org
To: i-d-announce at ietf.org
CC: pearg at irtf.org

A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Privacy Enhancements and Assessments
Research Group RG of the IRTF.

        Title    : On the Generation of Transient Numeric Identifiers
        Authors  : Fernando Gont
                   Ivan Arce
        Filename : draft-irtf-pearg-numeric-ids-generation-06.txt
        Pages    : 41
        Date     : 2021-01-13

Abstract:
   This document performs an analysis of the security and privacy
   implications of different types of "transient numeric identifiers"
   used in IETF protocols, and tries to categorize them based on their
   interoperability requirements and their associated failure severity
   when such requirements are not met.
   Subsequently, it provides advice on possible algorithms that could
   be employed to satisfy the interoperability requirements of each
   identifier category, while minimizing the negative security and
   privacy implications, thus providing guidance to protocol designers
   and protocol implementers. Finally, it describes a number of
   algorithms that have been employed in real implementations to
   generate transient numeric identifiers, and analyzes their security
   and privacy properties. This document is a product of the Privacy
   Enhancement and Assessment Research Group (PEARG) in the IRTF.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-irtf-pearg-numeric-ids-generation/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-irtf-pearg-numeric-ids-generation-06
https://datatracker.ietf.org/doc/html/draft-irtf-pearg-numeric-ids-generation-06

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-irtf-pearg-numeric-ids-generation-06

Please note that it may take a couple of minutes from the time of
submission until the htmlized version and diff are available at
tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

--
Pearg mailing list
Pearg at irtf.org
https://www.irtf.org/mailman/listinfo/pearg

From fgont at si6networks.com Thu Jan 14 03:23:57 2021
From: fgont at si6networks.com (Fernando Gont)
Date: Thu, 14 Jan 2021 03:23:57 -0300
Subject: [LACNIC/Seguridad] Review of "Unfortunate History of Transient Numeric Identifiers" (Fwd: [Pearg] I-D Action: draft-irtf-pearg-numeric-ids-history-06.txt)
In-Reply-To: <161056228404.25478.14241679581686248408@ietfa.amsl.com>
References: <161056228404.25478.14241679581686248408@ietfa.amsl.com>
Message-ID: <62e83f5f-387e-6b3f-b156-49b0264ff0dd@si6networks.com>

Dear all,

FYI.

Title: Unfortunate History of Transient Numeric Identifiers
URL: https://tools.ietf.org/html/draft-irtf-pearg-numeric-ids-history-06

Your comments will be welcome.

Some interesting datapoints:

1) It took 27 years to fix the TCP spec with respect to flawed TCP ISN
   generation

2) OpenBSD implemented transport protocol ephemeral port randomization
   14.5 years before the IETF recommended it.

3) It has taken 20 years (and counting!) to address security/privacy
   issues associated with IPv6 address configuration (SLAAC).
   -- Many DHCPv6 implementations still broken in that respect!

4) OpenBSD implemented IPv6 Frag Identification 14 years before the
   IETF actually recommended it.
   -- Windows 10 still doesn't?

P.S.: https://www.youtube.com/watch?v=e4qdODv6Uh8

Regards, and thanks!
Fernando

-------- Forwarded Message --------
Subject: [Pearg] I-D Action: draft-irtf-pearg-numeric-ids-history-06.txt
Date: Wed, 13 Jan 2021 10:24:44 -0800
From: internet-drafts at ietf.org
Reply-To: pearg at irtf.org
To: i-d-announce at ietf.org
CC: pearg at irtf.org

A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Privacy Enhancements and Assessments
Research Group RG of the IRTF.

        Title    : Unfortunate History of Transient Numeric Identifiers
        Authors  : Fernando Gont
                   Ivan Arce
        Filename : draft-irtf-pearg-numeric-ids-history-06.txt
        Pages    : 28
        Date     : 2021-01-13

Abstract:
   This document analyzes the timeline of the specification and
   implementation of different types of "transient numeric identifiers"
   used in IETF protocols, and how the security and privacy properties
   of such protocols have been affected as a result of it. It provides
   empirical evidence that advice in this area is warranted. This
   document is a product of the Privacy Enhancement and Assessment
   Research Group (PEARG) in the IRTF.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-irtf-pearg-numeric-ids-history/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-irtf-pearg-numeric-ids-history-06
https://datatracker.ietf.org/doc/html/draft-irtf-pearg-numeric-ids-history-06

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-irtf-pearg-numeric-ids-history-06

Please note that it may take a couple of minutes from the time of
submission until the htmlized version and diff are available at
tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

--
Pearg mailing list
Pearg at irtf.org
https://www.irtf.org/mailman/listinfo/pearg