IETF Logo Mail Archive

Re: [6lo] Generation of IPv6 IIDs

Erik Nordmark <nordmark@acm.org> Thu, 24 July 2014 01:06 UTC

Return-Path: <nordmark@acm.org>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 832571A03D6 for <6lo@ietfa.amsl.com>; Wed, 23 Jul 2014 18:06:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SVjKY0pQN_K3 for <6lo@ietfa.amsl.com>; Wed, 23 Jul 2014 18:06:00 -0700 (PDT)
Received: from d.mail.sonic.net (d.mail.sonic.net [64.142.111.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6535D1A03C0 for <6lo@ietf.org>; Wed, 23 Jul 2014 18:06:00 -0700 (PDT)
Received: from [31.133.180.122] (dhcp-b47a.meeting.ietf.org [31.133.180.122]) (authenticated bits=0) by d.mail.sonic.net (8.14.9/8.14.9) with ESMTP id s6O15o24023231 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 23 Jul 2014 18:05:51 -0700
Message-ID: <53D05BED.7020608@acm.org>
Date: Wed, 23 Jul 2014 18:05:49 -0700
From: Erik Nordmark <nordmark@acm.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Fernando Gont <fgont@si6networks.com>, Samita Chakrabarti <samita.chakrabarti@ericsson.com>, "6lo@ietf.org" <6lo@ietf.org>
References: <5361A67D.4010508@si6networks.com> <ECA43DA70480A3498E43C3471FB2E1F01C1FBD12@eusaamb103.ericsson.se> <53D059E8.6030709@si6networks.com>
In-Reply-To: <53D059E8.6030709@si6networks.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Sonic-CAuth: UmFuZG9tSVZRHd2r9cz5rFLb4XboEUT2TqbQxh3d9jmi8bXXI158IegrrcBRJp7YLOZoLUCMzDWWY/lmk4D6G598921iOpPsHjc/agwQMVo=
X-Sonic-ID: C;ypIRp84S5BGJiefV54E5FQ== M;TGeDp84S5BGJiefV54E5FQ==
X-Sonic-Spam-Details: 0.0/5.0 by cerberusd
Archived-At: http://mailarchive.ietf.org/arch/msg/6lo/o56Y3VDhOQpl5TqwRchg5zor2Q4
Cc: "6lo-chairs@tools.ietf.org" <6lo-chairs@tools.ietf.org>, "6man Chairs (6man-chairs@tools.ietf.org)" <6man-chairs@tools.ietf.org>, Erik Nordmark <nordmark@cisco.com>, "draft-ietf-6man-default-iids@tools.ietf.org" <draft-ietf-6man-default-iids@tools.ietf.org>, Dave Thaler <dthaler@microsoft.com>
Subject: Re: [6lo] Generation of IPv6 IIDs
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jul 2014 01:06:04 -0000

On 7/23/14, 5:57 PM, Fernando Gont wrote:
> Hi, Samita,
>
> [Erik Nordmark added t te CC list]
>
> Thanks so much for your effort and help in summarizing the discussion!
> Please find my comments in-line....
>
>
> On 07/22/2014 12:41 PM, Samita Chakrabarti wrote:
>> Based on the discussions at the 6lo list regarding the impact of
>> default-iid draft on 6lo/6lowpan documents and future ipv6-over-foo
>> 6lo documents, Ulrich, Ralph and myself had a discussion and our
>> recommendation to default-iid co-authors are to either list 6lo
>> specific RFCs or make a general statement about 6lo/6lowpan documents
>> for exceptions from default-iid  mandate. The future documents in 6lo
>> WG  would consider the default-iid recommendations when applicable.
>> But note that 6lo deals with  constrained nodes and
>> RFC6282/RFC4944/RFC6755 do require using IID bits for efficiency over
>> privacy in a constrained network environment that can be isolated
>> from the rest of the Internet.
> The question here maybe is whether we want to flag these documents as
> "exceptions", or whether we want to flag them as "these documents rely
> on MAC-address-based IIDs. They may continue to employ such IIDs while a
> solution that does not rely on such IIDs is generated".

I think we should assume that those documents will be updated in the 
future to provide the option to work with other IIDs even if that comes 
with lower efficiency.
>
> (i.e., "it's okay to leave as is" vs. "there's work to be done here"...)
>
> The "there's work to be done" option seems to be the one suggested by
> Erik, and I tend to like it better than the "leave it 'as is'"

Yep. Once such work has been done there might be a deployment choice 
(depending on whether there would be a loss in efficiency with different 
IIDs).

I think the

802.1AR point that Michael brought up is more about the MAC address than the IID. One should be able to use a certifcate tied to a MAC address even if the IID is not based on the MAC address.

     Erik

>
>
>
>> Carsten Bormann <cabo@tzi.org> ========================== Privacy
>> leaks for link-local cases requires privacy fixing at the lower
>> layers: https://www.w3.org/2014/strint/papers/35.pdf
>>
>> Owen Kirby <osk@exegin.com> =========================== Re-assigning
>> link-layer IID is another way to solve privacy in 6lo
> My take is that these two are orthogonal. So I don't think one should
> consider "randomizing the MAC address" as an alternative to employing
> privacy-enhanced IIDs.
>
> Thanks!
>
> Best regards,

v2.23.0 | Report a Bug | By Email