Re: [6lo] Generation of IPv6 IIDs
Erik Nordmark <nordmark@acm.org> Thu, 24 July 2014 01:06 UTC
Return-Path: <nordmark@acm.org>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 832571A03D6 for <6lo@ietfa.amsl.com>; Wed, 23 Jul 2014 18:06:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SVjKY0pQN_K3 for <6lo@ietfa.amsl.com>; Wed, 23 Jul 2014 18:06:00 -0700 (PDT)
Received: from d.mail.sonic.net (d.mail.sonic.net [64.142.111.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6535D1A03C0 for <6lo@ietf.org>; Wed, 23 Jul 2014 18:06:00 -0700 (PDT)
Received: from [31.133.180.122] (dhcp-b47a.meeting.ietf.org [31.133.180.122]) (authenticated bits=0) by d.mail.sonic.net (8.14.9/8.14.9) with ESMTP id s6O15o24023231 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 23 Jul 2014 18:05:51 -0700
Message-ID: <53D05BED.7020608@acm.org>
Date: Wed, 23 Jul 2014 18:05:49 -0700
From: Erik Nordmark <nordmark@acm.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Fernando Gont <fgont@si6networks.com>, Samita Chakrabarti <samita.chakrabarti@ericsson.com>, "6lo@ietf.org" <6lo@ietf.org>
References: <5361A67D.4010508@si6networks.com> <ECA43DA70480A3498E43C3471FB2E1F01C1FBD12@eusaamb103.ericsson.se> <53D059E8.6030709@si6networks.com>
In-Reply-To: <53D059E8.6030709@si6networks.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Sonic-CAuth: UmFuZG9tSVZRHd2r9cz5rFLb4XboEUT2TqbQxh3d9jmi8bXXI158IegrrcBRJp7YLOZoLUCMzDWWY/lmk4D6G598921iOpPsHjc/agwQMVo=
X-Sonic-ID: C;ypIRp84S5BGJiefV54E5FQ== M;TGeDp84S5BGJiefV54E5FQ==
X-Sonic-Spam-Details: 0.0/5.0 by cerberusd
Archived-At: http://mailarchive.ietf.org/arch/msg/6lo/o56Y3VDhOQpl5TqwRchg5zor2Q4
Cc: "6lo-chairs@tools.ietf.org" <6lo-chairs@tools.ietf.org>, "6man Chairs (6man-chairs@tools.ietf.org)" <6man-chairs@tools.ietf.org>, Erik Nordmark <nordmark@cisco.com>, "draft-ietf-6man-default-iids@tools.ietf.org" <draft-ietf-6man-default-iids@tools.ietf.org>, Dave Thaler <dthaler@microsoft.com>
Subject: Re: [6lo] Generation of IPv6 IIDs
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jul 2014 01:06:04 -0000
On 7/23/14, 5:57 PM, Fernando Gont wrote: > Hi, Samita, > > [Erik Nordmark added t te CC list] > > Thanks so much for your effort and help in summarizing the discussion! > Please find my comments in-line.... > > > On 07/22/2014 12:41 PM, Samita Chakrabarti wrote: >> Based on the discussions at the 6lo list regarding the impact of >> default-iid draft on 6lo/6lowpan documents and future ipv6-over-foo >> 6lo documents, Ulrich, Ralph and myself had a discussion and our >> recommendation to default-iid co-authors are to either list 6lo >> specific RFCs or make a general statement about 6lo/6lowpan documents >> for exceptions from default-iid mandate. The future documents in 6lo >> WG would consider the default-iid recommendations when applicable. >> But note that 6lo deals with constrained nodes and >> RFC6282/RFC4944/RFC6755 do require using IID bits for efficiency over >> privacy in a constrained network environment that can be isolated >> from the rest of the Internet. > The question here maybe is whether we want to flag these documents as > "exceptions", or whether we want to flag them as "these documents rely > on MAC-address-based IIDs. They may continue to employ such IIDs while a > solution that does not rely on such IIDs is generated". I think we should assume that those documents will be updated in the future to provide the option to work with other IIDs even if that comes with lower efficiency. > > (i.e., "it's okay to leave as is" vs. "there's work to be done here"...) > > The "there's work to be done" option seems to be the one suggested by > Erik, and I tend to like it better than the "leave it 'as is'" Yep. Once such work has been done there might be a deployment choice (depending on whether there would be a loss in efficiency with different IIDs). I think the 802.1AR point that Michael brought up is more about the MAC address than the IID. One should be able to use a certifcate tied to a MAC address even if the IID is not based on the MAC address. Erik > > > >> Carsten Bormann <cabo@tzi.org> ========================== Privacy >> leaks for link-local cases requires privacy fixing at the lower >> layers: https://www.w3.org/2014/strint/papers/35.pdf >> >> Owen Kirby <osk@exegin.com> =========================== Re-assigning >> link-layer IID is another way to solve privacy in 6lo > My take is that these two are orthogonal. So I don't think one should > consider "randomizing the MAC address" as an alternative to employing > privacy-enhanced IIDs. > > Thanks! > > Best regards,
- [6lo] Generation of IPv6 IIDs Fernando Gont
- Re: [6lo] Generation of IPv6 IIDs Dijk, Esko
- Re: [6lo] Generation of IPv6 IIDs Erik Nordmark
- Re: [6lo] Generation of IPv6 IIDs Robert Cragie
- Re: [6lo] Generation of IPv6 IIDs Carsten Bormann
- Re: [6lo] Generation of IPv6 IIDs Owen Kirby
- Re: [6lo] Generation of IPv6 IIDs Paul Duffy
- Re: [6lo] Generation of IPv6 IIDs Fernando Gont
- Re: [6lo] Generation of IPv6 IIDs Fernando Gont
- Re: [6lo] Generation of IPv6 IIDs Fernando Gont
- Re: [6lo] Generation of IPv6 IIDs Fernando Gont
- Re: [6lo] Generation of IPv6 IIDs Dijk, Esko
- Re: [6lo] Generation of IPv6 IIDs Dave Thaler
- Re: [6lo] Generation of IPv6 IIDs Samita Chakrabarti
- Re: [6lo] Generation of IPv6 IIDs Michael Richardson
- Re: [6lo] Generation of IPv6 IIDs Samita Chakrabarti
- Re: [6lo] Generation of IPv6 IIDs Michael Richardson
- Re: [6lo] Generation of IPv6 IIDs Fernando Gont
- Re: [6lo] Generation of IPv6 IIDs Erik Nordmark
- Re: [6lo] Generation of IPv6 IIDs Samita Chakrabarti
- Re: [6lo] Generation of IPv6 IIDs Jonathan Hui (johui)
- Re: [6lo] Generation of IPv6 IIDs Samita Chakrabarti
- Re: [6lo] Generation of IPv6 IIDs Erik Nordmark
- Re: [6lo] Generation of IPv6 IIDs Kerry Lynn
- Re: [6lo] Generation of IPv6 IIDs Erik Nordmark
- Re: [6lo] Generation of IPv6 IIDs Fernando Gont
- [6lo] FW: Generation of IPv6 IIDs Turner, Randy
- Re: [6lo] Generation of IPv6 IIDs Turner, Randy
- Re: [6lo] FW: Generation of IPv6 IIDs Fernando Gont
- Re: [6lo] Generation of IPv6 IIDs Jonathan Hui (johui)
- Re: [6lo] FW: Generation of IPv6 IIDs Turner, Randy