Re: [6lo] Draft applicability for 6775bis

Christian Huitema <huitema@huitema.net> Thu, 20 April 2017 18:06 UTC

To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>, Lorenzo Colitti <lorenzo@google.com>, Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>
Cc: Erik Nordmark <nordmark@sonic.net>, "draft-ietf-6lo-rfc6775-update@ietf.org" <draft-ietf-6lo-rfc6775-update@ietf.org>, Suresh Krishnan <suresh.krishnan@ericsson.com>, "6lo@ietf.org" <6lo@ietf.org>
From: Christian Huitema <huitema@huitema.net>
Date: Thu, 20 Apr 2017 11:05:52 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/O04oTY_kBbnU1wda081J6Fy8Fnk>


On 4/20/2017 9:15 AM, Pascal Thubert (pthubert) wrote:
>
> What about:
>
>  
>
> « 
>
>     This implies that a 6LR or 6LBR which is intended to support N
> hosts MUST have space to register at least on the order of 10N IPv6
> addresses.
>
> « 
>
> ->
>
> « 
>
>     This implies that the capabilities of 6LR and 6LBRs in terms of
> number of registrations must be clearly announced in the router
> documentation, and that a network administrator should deploy adapted
> 6LR/6LBRs to support the number and type of devices in his network,
> based on the number of IPv6 addresses that those devices require.
>
> « 
>
>  
>
> Works?
>

I don't have a strong opinion on this wording, but I have a
recommendation for the authors of the draft. This discussion outlined a
couple of concerns about potential abuses. For example, I noted the
following:

1) Registration procedure could be used to deny access, by abusing the
administrative rejection option.

2) Nodes registering a large number of IIDs could overwhelm the
registration system.

I would also add a generic concern about unique identifiers and privacy.
This is an obvious concern in mobility scenarios, but even for static
networks it also is a concern if the option can be observed outside the
network. I understand that the encrypted link provides some mitigation,
but having provisions to vary the IID over time would be even better.

It might be a good idea to document these issues in the security
considerations.

-- Christian Huitema
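The capacity concern raised above (a 6LR/6LBR sized for N hosts holding on the order of 10N addresses, and a single node registering many IIDs exhausting it), modelled as an added example that is not part of this thread or of the draft: a registration table that enforces both a total capacity and a per-node quota, answering with the ARO status values of RFC 6775 (0 success, 1 duplicate, 2 neighbor cache full). The per-node quota and the owner identifiers are assumptions for illustration.

```python
from dataclasses import dataclass, field

# ARO status codes as defined in RFC 6775, section 4.1
ARO_SUCCESS = 0
ARO_DUPLICATE = 1
ARO_CACHE_FULL = 2


@dataclass
class RegistrationTable:
    """Registration store of a 6LR/6LBR (hypothetical model, not RFC code)."""
    hosts_supported: int            # N in the draft text
    addrs_per_host: int = 10        # "on the order of 10N" -> 10 per host
    per_owner_quota: int = 10       # mitigation assumption: cap per registering node
    entries: dict = field(default_factory=dict)   # address -> owner (EUI-64/ROVR)

    @property
    def capacity(self) -> int:
        return self.hosts_supported * self.addrs_per_host

    def count_for(self, owner: str) -> int:
        return sum(1 for o in self.entries.values() if o == owner)

    def register(self, address: str, owner: str) -> int:
        """Return the ARO status for one registration attempt."""
        existing = self.entries.get(address)
        if existing is not None:
            # Re-registration by the same owner refreshes; another owner is a duplicate
            return ARO_SUCCESS if existing == owner else ARO_DUPLICATE
        if len(self.entries) >= self.capacity:
            return ARO_CACHE_FULL
        if self.count_for(owner) >= self.per_owner_quota:
            # Quota reached: one node cannot fill the whole table for everyone else
            return ARO_CACHE_FULL
        self.entries[address] = owner
        return ARO_SUCCESS


def flood_demo() -> tuple:
    """Constructed scenario: router sized for 4 hosts, one node tries 100 addresses.
    Returns (accepted count, status of the last attempt, status for a second node)."""
    table = RegistrationTable(hosts_supported=4)
    results = [table.register(f"2001:db8::a:{i:x}", "node-a") for i in range(100)]
    other = table.register("2001:db8::b:1", "node-b")
    return results.count(ARO_SUCCESS), results[-1], other


if __name__ == "__main__":
    print(flood_demo())  # (10, 2, 0): quota holds, table still has room for others
```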