Tom.Petch wrote:
The phrase 'monotonic increasing' seems to be a Humpty-Dumpty one, used with a
different sense within RFC to that which I see defined elsewhere; and this
could lead to a reduction in security.
Elsewhere - dictionaries, encyclopaedia, text books - I see it
defined so that when applied to a sequence of numbers, then each number is not
less than its predecessor, so that
1 1 1 1 1 1 1 1 1 1
1 1 2 3 5 8 13
1 2.71828 3.14159 4.18 42
are all monotonic increasing sequences whereas
1 2 3 4 5 6 7 9 8 10
is not.
There are two variants:
monotonic increasing
sequence where (i+1)>=(i)
which applies to all of the above
in math, monotonic always includes equality
strictly monotonic increasing
sequence where (i+1)>(i)
which applies to all except the first two examples
this is also known as "non decreasing", as Ken noted
a constant sequence is one which is both monotonic increasing and
monotonic decreasing.
Within RFC, mostly those related to security or network management, the
context
of its use implies, in addition, one or more of
a) each number in the sequence is different (as in number used once)
b) each number is an integer
c) each number is one greater than its predecessor (as in message sequencing)
.
RFCs tend to describe integer sequences (vs. real or other kinds of
numbers). Most of the uses I'm familiar with for sequence numbers in
RFCs don't care if numbers are skipped, so I'm not sure this definition
is typical. (can you give an example if not?)
The above is an arithmetic integer sequence (constant delta between
terms) that is strictly monotonic increasing and maximally compact.
Informally, this might be referred to as a "sequential", but
mathematically a sequence is just an ordered list of numbers.
If (c) is changed to omit "one", this defines is monotonic increasing
integer sequence.
If (c) is changed to "at least one", this defines a strictly monotonic
integer sequence.
Most likely, an implementation that conforms to the rest of the world
definition
would interwork with one that conforms to the RFC one, but with some loss of
security, since numbers that are intended to be used only once could be
reused.
Q1) Can anyone point me to an authoritative source that endorses the RFC
usage?
Q2) Even so, since the rest of the world usage seems to be so widely defined,
should we change our terminology, eg specifying seqences to be strictly
increasing when that is what is needed?
I would agree with Q2.
Joe
signature.asc
Description: OpenPGP digital signature
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf