On Mon, 28 Dec 2020, Eric Rescorla wrote:
3. The one really strong voice for something here was Watson Ladd who asked for a document that would tell him what to do, which this is not.
I agree here. The document does not tell us what to do. There is just some handwaving about hash functions. It does not state anything about how to determine the required size of the Transient Numeric Identifier to make it safe from attack. It does not talk about the BCP for seeding of any kind of hash or PRF function. Or about using Transient Numeric Identifiers so that you can verify it without needing to keep state (e.g. cookies).
This document contains two pieces: 1. A set of "common flaws" in generating ID (S 4)
And this is really already and better done in I-D.irtf-pearg-numeric-ids-history. It should just point to it without elaborating again in this document.
2. A set of requirements about what kind of analysis one has to do (S 5). From my perspective, S 5 is mostly reasonable, though I don't really think a special BCP is needed for them.
I agree. It is obvious to those who care and a really low bar that we should be already meeting at the IETF in general at this point. For example "2. Provide a security and privacy analysis of the aforementioned identifiers." is already required for the Security Considerations and checked with SecDir reviews. The privacy parts are done somewhat less but are not omitted either. Section 5 bullet 3 points to another document. It is almost as if bullet points 1 and 2 could be part of the introduction there. Once you do these two things, this draft is basically scaffolding without content.
Paul