Re: Randomness of Message-ID in IMDN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Eric Rescorla wrote:

> As I understand the situation, the sender the only person
> who has to rely on the uniqueness of this header, right?

Hi, I have not the faintest idea what you are talking about,
but if it is in any way related to the 2822upd concept of
a Message-ID "worldwide unique forever" is no nonsense as
soon as a Message-ID passes mail2news gateways, and/or is
used in an Archived-At URL.

> the Message-ID MUST be selected so that:
   
> (1) There is a minimal chance of any two Message-IDs accidentally
> colliding within the time period within which an IMDN might be
> received.

That is apparently the definition for some UUID versions, but
not for a Message-ID as specified in RFC.ietf-usefor-usefor:

| The Message-ID header field contains a unique message identifier.
| Netnews is more dependent on message identifier uniqueness and fast
| comparison than Email is
[...]
| The global uniqueness requirement for <msg-id> in [RFC2822]
| is to be understood as applying across all protocols using
| such message identifiers, and across both Email and Netnews
| in particular.

> (2) It is prohibitive for an attacker who has seen one or more
> valid  Message-IDs to generate additional valid Message-IDs.

That would match pseudo-random number, but a "worldwide unique
forever" Message-ID can boil down to timestamp @ domain (plus
magic to avoid collisions for various Message-ID generators
for a given domain or subdomain).
 
> it is RECOMMENDED that Message-IDs be generated using a
> cryptographically secure pseudorandom number generator

Please get the terminology right as first priority, what you
are talking about is apparently *NOT* an 2822upd Message-ID
as used in mail, news, APOP, and CRAM-MD5.

 Frank

_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]