On 10/18/2022 8:28 AM, David Schinazi wrote:
Hi Michael,
While MT's comment might sound nitpicky, he's right in suggesting
people use real PNRGs because we've already had collisions due to
human-picked numbers in the past. The fact that quic-multipath made
the same mistake doesn't make it best practice. (And FWIW I'm also
guilty of having made that mistake in the past).
I am very much guilty of that too. Mnemonic are nice. In the past,
collision between mnemonics was dealt with by simply looking in the
provisional registry in the WG wiki. That's something we lost when we
moved to an IANA registry, because there is a longer delay between use
in an experiment and publication in an IANA registry than just updating
a wiki. The risk of collision increases. That has to be compensated
somehow. But there is something else. Experiments are for learning.
Drafts changes. The good practice is to use some form of versioning --
definitely change the Transport Parameter value if you are negotiating
something different than the original draft. Change the frame id if the
syntax changes. Etc. So you don't want to just use 0x1337 or 0xdada, you
will want 0x1337xx, or 0xdadaxx. That kind of diminishes the user
friendliness of mnemonics.
On the other hand, I am not sure that mnemonics are more collision prone
than values picked by bad number generators. "Use a random generator" is
likely to end up with python scripts like:
import sys
import random
random.seed(sys.argv[1])
print(hex(random.randrange(64,0x100000)))
That's not exactly collision proof either...
-- Christian Huitema
David
On Tue, Oct 18, 2022 at 2:28 AM Michael Eriksson
<[email protected]> wrote:
On Tue, Oct 18, 2022 at 11:13:24 +1100, Martin Thomson wrote:
> I see this in the draft:
>
> "TBD - experiments use 0xadda"
>
> I find it hard to believe that this value was chosen at random.
> Please consult a random number generator for these values. And -
> while you are developing proposals - larger values might be more
> appropriate.
That was a pretty nitpicky comment... Have you read
draft-ietf-quic-multipath? The 0xbabaXX constants don't look very
random if you consider the affiliation of the first authors.
Also, what is a "large" value? 0xadda is big enough to require a
32-bit VarInt.
/me
