Re: [Rescert] Another attempt to round off the IR-ISP protocol
At Tue, 05 Jun 2007 14:23:23 +1000, Geoff Huston wrote:
> Rob Austein wrote:
> >
> > With the scheme as I described it a few hours ago the msg_ref never
> > needs to be reset, full stop. So there's no need for a reset timer,
> > 24 hour or otherwise.
> >
> > Yes this is a change from what I wrote up on Saturday.
>
> Are you referring to this scheme?
>
> 1) On the replay protection thing: Randy and I have been talking to
> Steve Bellovin, and while we haven't quite converged yet it looks
> like the simplest answer is to follow RobK's earlier suggestion:
> just make the msg_ref a monotonically increasing integer, no CMS
> timestamp required, no reset mechanism required, done, full stop.
> The likely implementation would be to generate the msg_ref value
> from a clock on the sender side, eg, nanoseconds since epoch, but
> it really doesn't matter so long as it's monotonically increasing.
> The CMS timestamp isn't fine enough for this, and combining
> CMS timestamp with an additional value has timing screws, so let's
> just keep this simple and go with the counter.
>
> Steve Bellovin doesn't quite believe this yet but I think that
> Randy and I can convince him. We'll keep you posted.
Yes.
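
The monotonically increasing msg_ref scheme quoted above, sketched as an added example; it is not part of the original message or of any project code. The class names, sender identifiers and clock readings are assumptions constructed for illustration, and the receiver check is assumed to run only after the message's CMS signature has been verified.

```python
import time


class MsgRefSender:
    """Sender side: clock-derived msg_ref that is strictly increasing."""

    def __init__(self, clock=time.time_ns, last=0):
        self._clock = clock
        self._last = last  # assumption: persisted across restarts in real use

    def next_ref(self):
        # Use the clock (e.g. nanoseconds since epoch), but never repeat or
        # go backwards if the clock is coarse or gets stepped: use last + 1.
        self._last = max(self._clock(), self._last + 1)
        return self._last


class ReplayGuard:
    """Receiver side: accept a msg_ref only if it exceeds the highest value
    already accepted from that sender. No timestamp and no reset timer."""

    def __init__(self):
        self._highest = {}  # sender id -> highest accepted msg_ref

    def accept(self, sender, msg_ref):
        # Assumption: called only after signature verification, so a forged
        # message cannot push the stored value forward.
        if isinstance(msg_ref, bool) or not isinstance(msg_ref, int) or msg_ref < 0:
            return False
        if msg_ref <= self._highest.get(sender, -1):
            return False  # replayed or stale message
        self._highest[sender] = msg_ref
        return True


def demo():
    # Constructed clock readings: a repeated value and a backwards step.
    ticks = iter([1000, 1000, 990, 2000])
    sender = MsgRefSender(clock=lambda: next(ticks))
    guard = ReplayGuard()
    refs = [sender.next_ref() for _ in range(4)]
    fresh = [guard.accept("isp-1", r) for r in refs]
    replayed = guard.accept("isp-1", refs[1])   # captured message sent again
    other_peer = guard.accept("isp-2", refs[0])  # state is kept per sender
    return refs, fresh, replayed, other_peer


if __name__ == "__main__":
    print(demo())
```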