Re: [Last-Call] Last Call: <draft-gont-numeric-ids-sec-considerations-06.txt> (Security Considerations for Transient Numeric Identifiers Employed in Network Protocols) to Best Current Practice


 



On 18/12/20 00:56, Christian Huitema wrote:
[...]
> To be clear, the point is not that security risks should be ignored.
> Nobody is saying that. The point is that the proper way to conduct risk analysis is by looking at attack areas such as information disclosure, risks of spoofing, etc. These analyses will vary depending on circumstances, and the responses are not always the same. They are definitely not the same for information inside and outside the encryption envelope. They are also not the same for all parameters in a system. To give an example, consider the stream offset indicating the position of the message bytes in a file. Randomizing that would be ridiculous.
>
> Analysis of weaknesses is good. Prescription of one-size-fit-all remedies, on the other hand, does more harm than good.

I will ask this again. Where's the one-size-fits-all here:


   1.  Clearly specify the interoperability requirements for the
       aforementioned identifiers (e.g., required properties such as
       uniqueness, along with the failure severity if such properties
       are not met).

   2.  Provide a security and privacy analysis of the aforementioned
       identifiers.

   3.  Recommend an algorithm for generating the aforementioned
       identifiers that mitigates security and privacy issues, such as
       those discussed in [I-D.irtf-pearg-numeric-ids-generation].

?

Thanks,
--
Fernando Gont
e-mail: fernando@xxxxxxxxxxx || fgont@xxxxxxxxxxxxxxx
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
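As an added illustration of what item 3 asks for (this is example code written for this archive page, not code from the draft, the referenced I-D, or either correspondent), the block below contrasts a global counter with a per-context counter plus a keyed-hash offset for a 16-bit identifier. The context tuple, the 16-bit width and the HMAC-SHA256 offset function are assumptions chosen for the demonstration; the `observed_gap` helper shows the cross-context information leak that the offset scheme removes while keeping per-context uniqueness.

```python
import hmac
import hashlib
import secrets
from collections import defaultdict

ID_BITS = 16                    # assumed width, e.g. a 16-bit fragment/datagram ID
ID_MASK = (1 << ID_BITS) - 1


class GlobalCounterIds:
    """One global counter: IDs are unique, but every peer sees the same
    sequence, so a peer can infer how many IDs were issued to other peers."""
    def __init__(self):
        self.counter = 0

    def next_id(self, context):
        self.counter = (self.counter + 1) & ID_MASK
        return self.counter


class PerContextOffsetIds:
    """Per-context counter plus a keyed-hash offset: IDs stay unique and
    consecutive within a context, but the offset hides the counter from
    peers in other contexts. Costs one counter per live context."""
    def __init__(self, secret=None):
        self.secret = secret if secret is not None else secrets.token_bytes(32)
        self.counters = defaultdict(int)

    def _offset(self, context):
        # context is an assumed tuple such as (src_ip, dst_ip); canonicalise to bytes
        msg = "|".join(str(c) for c in context).encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big") & ID_MASK

    def next_id(self, context):
        count = self.counters[context]
        self.counters[context] = (count + 1) & ID_MASK
        return (count + self._offset(context)) & ID_MASK


def observed_gap(gen, ctx_a, ctx_b, n):
    """What peer A learns: take one ID for A, let n IDs go to B, take another
    ID for A, and return the difference A observes (mod 2**ID_BITS)."""
    first = gen.next_id(ctx_a)
    for _ in range(n):
        gen.next_id(ctx_b)
    second = gen.next_id(ctx_a)
    return (second - first) & ID_MASK
```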



--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call


