Randomness of Message-ID in IMDN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for your very, very quick review!  On the one open item for  
discussion, Message-ID, I would offer (1) it is not a do-or-die  
situation but that (2) using a cryptographically secure random number
generator. achieves the same result with better properties.  Again, I  
will defer back to you: I know the work group will push back strong if  
a cryptographically secure random number generator is a resource hog.

Are there memory / CPU efficient cryptographically secure random  
number generators? Should we give guidance to the range of numbers  
(i.e., 32-bits, 512-bits, 6 digits, etc.)?


On May 14, 2008, at 11:42 PM, Eric Rescorla wrote:

> At Wed, 14 May 2008 12:20:21 +0800,
> Eric Burger wrote:
>>
>> Inline
>>
>> On May 4, 2008, at 5:12 AM, Eric Rescorla wrote:
[snip]
>>> S 7.1.1.1.  Why does Message-ID need any randomness at all as  
>>> opposed
>>> to uniqueness?  And if it needs randomness, why is 32 enough?
>>
>> The randomness property makes it more difficult for malicious nodes
>> guessing Message-IDs and thus being able to pass IMDNs through
>> filtering mechanisms.
>>
>> IYHO, is 32-bits enough? You're the expert; I'm just guessing!
>
> So, unsurprisingly, it depends.
>
> Is your mental model that you have a list of n valid message-ids
> "outstanding" at once and you want the probability of an attacker
> guessing one to be sufficiently small? With a 32-bit space,
> the chance is n/2^32. So, if you're just treating this as a
> sort of spam filter, then it's probably fine. But if a single
> bad message getting through is fatal, then, no, it's not.
>
> The other thing I would say is that if you want ids to be
> unguessable, then you probably want to say that they should
> be generated with a cryptographically secure random number
> generator. There are lots of PRNGs that produce uniform distributions
> but that are predictable and that won't do here, right?
_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]