Re: [Anima] Is this how BRSKI/IPIP works?

Eliot Lear <> Thu, 13 July 2017 20:58 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4311C12EC14 for <>; Thu, 13 Jul 2017 13:58:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.503
X-Spam-Status: No, score=-14.503 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id P5JA9SYRx818 for <>; Thu, 13 Jul 2017 13:58:49 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C4D261267BB for <>; Thu, 13 Jul 2017 13:58:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=2770; q=dns/txt; s=iport; t=1499979528; x=1501189128; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to; bh=9XcJQvD2/+//QZgalfha1ht4eS6+RUseKZ9OMq5O2g8=; b=GI0cQEfoIpZspk0TfMk5H8imI7qnu8XAbYAgO5RG2uj64b9kRrnD7WXa Q2P7HO8j/ko/JZ/mf8wSlhU6GOJ2GOGatj6RITqBHagL+7wzJnaTEx+fV OAaikoQNafohCnDKeCGnZKbCOs9w8SvQTxp/dhxYkJhg/ROeN+IVBPkYo o=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.40,355,1496102400"; d="asc'?scan'208";a="653226186"
Received: from (HELO ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Jul 2017 20:58:46 +0000
Received: from [] ([]) by (8.14.5/8.14.5) with ESMTP id v6DKwkBk021032; Thu, 13 Jul 2017 20:58:46 GMT
To: Toerless Eckert <>, Brian E Carpenter <>
Cc: Anima WG <>
References: <> <> <> <>
From: Eliot Lear <>
Message-ID: <>
Date: Thu, 13 Jul 2017 22:58:45 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="vMRSWKslnwsTnf91DJTsIRwhb1dQRDmIn"
Archived-At: <>
Subject: Re: [Anima] Is this how BRSKI/IPIP works?
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 13 Jul 2017 20:58:50 -0000

Hi Toerless,

On 7/6/17 9:09 AM, Toerless Eckert wrote:
> On Thu, Jul 06, 2017 at 04:34:05PM +1200, Brian E Carpenter wrote:
>> It used to be, but the recommendation today is a pseudo-random
>> value (RFC7217). In any case it's a software choice.
> brand new recommendations do not equate to be expected
> standard practice in products. Would be very good to have
> folks with practical insight into various products to 
> provide more information.
On this point, I think it's quite likely that we will see a good number
of devices fielded that will do a lousy job of PRNG, and so it would be
inadvisable for them to implement RFC7217, lest they test their DAD code
in ways not really intended.  I'm not thinking about iPhones here, but
energy harvesting devices like some light switches, and a bunch of,
well,... crap.

The question is whether you should design for these devices.  IMHO "no"
is a perfectly valid answer, but I'm still a bit skeptical about the
value of 7217 for these class of devices in any event.