Re: [Last-Call] Last Call: <draft-gont-numeric-ids-sec-considerations-06.txt> (Security Considerations for Transient Numeric Identifiers Employed in Network Protocols) to Best Current Practice


 



Hi, Joe,

On 15/12/20 00:34, Joseph Touch wrote:


On Dec 14, 2020, at 9:28 AM, Iván Arce (Quarkslab) <iarce@xxxxxxxxxxxxx> wrote:

Cryptography is not magical dust that fixes everything.

It’s a LOT more rigorous than the “algorithms” suggested.

If you’re running protocols where these IDs are exposed and that creates a vulnerability, simply using these “algorithms” provides a false sense of safety.

Flawed IDs introduce problems. IDs that are not flawed do not.

Using proper IDs such that they don't introduce issues means just that. The *transient numeric IDs* won't be exploitable -- just that -- which is certainly not a sufficient condition to claim that a protocol is "safe" (whatever that means) -- since "safety" might depend on a lot of other things.

Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont@xxxxxxxxxxxxxxx
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492




--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



