[rssac-caucus] [Ext] Handing the anonymization document off to RSSAC

Paul Hoffman paul.hoffman at icann.org
Thu Apr 12 02:19:15 UTC 2018 

On Apr 11, 2018, at 11:06 AM, John Heidemann <johnh at isi.edu> wrote:
> 
> A couple of questions about our goal, and some comments on the document.
> 
> About the goal: implicit in the above proposal is that little bit of
> editing will "finish" the document.  Is that true?

Yes.

> My sense is there is interest in larger changes, like trying to make a
> specific recommendation.  It seems unlikely that larger changes like
> that can be accomplished in only one week.

To date, there has been little traffic on this list indicating a desire for larger changes. In the specific example you give, I think that people have given up on picking a specific recommendation because, for every recommendation, there are other people who would use something different.

If I'm wrong and the Caucus wants to discuss this (or other large topics) more, that's of course fine.

> 
> Putting making a recommendation aside, 
> suggested changes to the document:
> 
> - section 2.1 and 3: changed "random value" to "secret value".
> 
>  Reason: The "random value" is either cryptographic salt or a secret
>  crypotgraphic key.  Its important characteristic is that it is secret
>  (not public), not that how it is chosen (perhaps randomly).
>  Using the term "random" can easily be confused with "changing".

Thank you, this is a great change.

> - section 2.1: the text implied using different secret keys "breaks
>  harmonization".  This statement is too strong.  There is benefit to
>  researchers to knowning the harmonization METHOD if different RSOs use
>  different secrets.

Agree.

> - section 4.1: the analysis of collisions was for an average day.
>  Collisions are dramatically higher for worst cases, and that's when
>  accurate counts most matter for some research.  I suggest this text
>  there to address this gap:
> 
>          (Although the birthday problem has few collisions when the
>          number of active IPv4 address is small, it is much worse when
>          the number is large.  For example, reports of the Nov. 30,
>          2015 DDoS attack on the roots indicate that roots saw about
>          891k unique addresses, and with n=900k, there are 170M
>          collisions.  While many of these addresses were spoofed.  This
>          count represents one factor in the cost some DDoS-defenses, so
>          accuracy is important.).

See the comment in the text. Those numbers make no sense. How can you get 20x more collisions than there are values?

> 
>  I don't want the document to go too far down this one particular
>  rathole, BUT presenting only average case data is, I think, misleading.

Noted. I would like to have the additional text (with some editorial changes you'll see in the text), but only if the numbers are correct.

> I made these changes both in the google doc and here.  I'm not sure that
> google doc edits alone always get as complete a discussion as mailing
> list comments.

Agree. If folks want to comment on any of the above, please do so here.

--Paul Hoffman

More information about the rssac-caucus mailing list