On 29/12/20 16:18, Paul Wouters wrote:
On Mon, 28 Dec 2020, Eric Rescorla wrote:
3. The one really strong voice for something here was Watson Ladd
who asked for a document that would tell him what to do, which
this is not.
I agree here. The document does not tell us what to do. There is just
some handwaving about hash functions.
Are you reading the document from the Subject line, or a different one?
Because there's no discussion whatsoever about "hash functions" in
draft-gont-numeric-ids-sec-considerations.
The requirements are very specific. Namely:
1. Clearly specify the interoperability requirements for the
aforementioned identifiers (e.g., required properties such as
uniqueness, along with the failure severity if such properties
are not met).
2. Provide a security and privacy analysis of the aforementioned
identifiers.
3. Recommend an algorithm for generating the aforementioned
identifiers that mitigates security and privacy issues, such as
those discussed in [I-D.irtf-pearg-numeric-ids-generation].
And we point to [I-D.irtf-pearg-numeric-ids-generation], where you can
find sample analysis for different categories of identifiers. An
analysis of common issues associated with I-Ds, and algorithms that
mitigate them.
Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont@xxxxxxxxxxxxxxx
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
