the nonce -> message-id (term of CoAP) is good enough to be 16 bit (as in CoAP), because it is just per-hop retransmission, and the goal should be to simply change only things that don't need a lot of argument/evaluation.
The session-id is network-wide GRASP and again, there is no good reason to change it: Just causes a whole new re-investigation if it's sufficient (which i think it isn't, but my argument is not really technical, but just "keep it simple - only change what must be changed compared to GRASP"). Cheers Toerless On Mon, May 12, 2025 at 08:09:40AM +1200, Brian E Carpenter wrote: > On 11-May-25 21:53, Michael Richardson wrote: > > > > Brian E Carpenter <brian.e.carpen...@gmail.com> wrote: > > > One detail: when developing RFC 8991 we were given very strong > > advice to > > > avoid the word "nonce" as some people find it offensive (it has a > > slang > > > meaning in British English). We switched to "handle" in that RFC. > > But given > > > that GRASP and cGRASP both have a pseudo-random "session-id", why > > not simply > > > call it "message-id"? > > > > Oh. The rest of the security community will be surprised, so I think that > > ship has sailed, and we should stick with nonce, if it's purpose is > > freshness > > and/or contribution to a cryptographic state. > > {sitting in a cafe next to Farrindon station. Shall I ask a random person?} > > > > > I am a little concerned by the reduction from 32 to 16 bits for the > > > session-id. > > > > Since it's CBOR, there are no on-the-wire changes. > > It's really about saying that implementations can expect to use a 16-bit > > register for this. I.e., it's not saving any bytes in the wire, it's > > saving > > cycles on a CPU with a 16-bit ALU. > > Sure, but it's reducing the collision space from 4294967296 to 65536. That > means that collisions *will* happen so the collision avoidance mechanism > *will* be exercised. That may be a good design choice but I think it needs > to be documented. > > Brian > -- --- t...@cs.fau.de _______________________________________________ Anima mailing list -- anima@ietf.org To unsubscribe send an email to anima-le...@ietf.org