Re: [Rescert] Another attempt to round off the IR-ISP protocol

To: Rob Austein <sra@hactrn.net>
Subject: Re: [Rescert] Another attempt to round off the IR-ISP protocol
From: Geoff Huston <gih@apnic.net>
Date: Tue, 05 Jun 2007 17:10:05 +1000
Cc: Resource Cert List <rescert@apnic.net>
In-reply-to: <20070604235446.ADC7C11B67@thangorodrim.hactrn.net>
List-archive: <http://www.apnic.net/mailing-lists/rescert>
List-help: <mailto:rescert-request@apnic.net?subject=help>
List-id: rescert.apnic.net
List-post: <mailto:rescert@apnic.net>
List-subscribe: <http://mailman.apnic.net/mailman/listinfo/rescert>, <mailto:rescert-request@apnic.net?subject=subscribe>
List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/rescert>, <mailto:rescert-request@apnic.net?subject=unsubscribe>
References: <465D22B3.1000207@apnic.net> <20070602182357.02C6211923@thangorodrim.hactrn.net> <46635253.4010807@apnic.net> <20070604235446.ADC7C11B67@thangorodrim.hactrn.net>
User-agent: Thunderbird 2.0.0.0 (Windows/20070326)

Rob Austein wrote:

So, at this point I think we have two real issues, and some trivial
stuff.  I'm going to ignore the trivial stuff for now.

1) On the replay protection thing: Randy and I have been talking to
   Steve Bellovin, and while we haven't quite converged yet it looks
   like the simplest answer is to follow RobK's earlier suggestion:
   just make the msg_ref a monotonically increasing integer, no CMS
   timestamp required, no reset mechanism required, done, full stop.
   The likely implementation would be to generate the msg_ref value
   from a clock on the sender side, eg, nanoseconds since epoch, but
   it really doesn't matter so long as it's monotonically increasing.
   The CMS timestamp doesn't isn't fine enough for this, and combining
   CMS timestamp with an additional value has timing screws, so let's
   just keep this simple and go with the counter.

   Steve Bellovin doesn't quite believe this yet but I think that
   Randy and I can convince him.  We'll keep you posted.

We've talked about this approach as well, and there are a few nits thatcontinue to be bothersome when thinking about this:

1. How old (in terms of CMS signing time) a message are you as a serverprepared to accept? Should be be a limit, or are we happy processingmessages that purportedly were signed years ago?

2. What happens as a client when you are using a simple incrementedcounter for msg_ref and you reboot? How do you resume msg_ref?

3. If the answer to q2 is the clock (as per your note above) whathappens as a client if NTP sets your clock backwards in time? Or justfreezes the clock?



Geoff

Follow-Ups:
- Re: [Rescert] Another attempt to round off the IR-ISP protocol
  - From: "Steven M. Bellovin" <smb@cs.columbia.edu>

References:
- Re: [Rescert] Another attempt to round off the IR-ISP protocol
  - From: Rob Austein <sra@hactrn.net>
- Re: [Rescert] Another attempt to round off the IR-ISP protocol
  - From: Geoff Huston <gih@apnic.net>
- Re: [Rescert] Another attempt to round off the IR-ISP protocol
  - From: Rob Austein <sra@hactrn.net>

Prev by Date: Re: [Rescert] Another attempt to round off the IR-ISP protocol
Next by Date: Re: [Rescert] Another attempt to round off the IR-ISP protocol
Previous by thread: Re: [Rescert] Another attempt to round off the IR-ISP protocol
Next by thread: Re: [Rescert] Another attempt to round off the IR-ISP protocol
Index(es):
- Date
- Thread