Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-stable-privacy-addresses (Respond by Aug 11, 2015)
Tomek Mrugalski <tomasz.mrugalski@gmail.com> Mon, 03 August 2015 20:37 UTC
Return-Path: <tomasz.mrugalski@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65F511B3119 for <dhcwg@ietfa.amsl.com>; Mon, 3 Aug 2015 13:37:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YA_sGXEdKCtY for <dhcwg@ietfa.amsl.com>; Mon, 3 Aug 2015 13:37:02 -0700 (PDT)
Received: from mail-la0-x22e.google.com (mail-la0-x22e.google.com [IPv6:2a00:1450:4010:c03::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFD931B311A for <dhcwg@ietf.org>; Mon, 3 Aug 2015 13:37:01 -0700 (PDT)
Received: by labow3 with SMTP id ow3so24960972lab.1 for <dhcwg@ietf.org>; Mon, 03 Aug 2015 13:37:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=zew8zbI8FWPWM3PlOJJ8skHmexk9vpfahOhjaN88H1c=; b=Yq3c3UVc3BhKksJaimQZAYuZxBgl/tznodoxrw8ARx6yN6ouM0DcX/nRfrcF3+HUW+ vXHn3IirsIZkNNxsaEv8LLbIaAhDR9WUppTPI2I5hXnxCnUnSdZEk90TdVW01Kl2O23y UhKh/7XURG6qlG3yzSxa650SOH+5SC6VZbolMuDkjaP2BJHI7BAAvL9/4wABZw4gUxCk V3tq40Ym120bq/3yAlZglLhO/bQoZfR3K/J5x6YUw3VlAJa3o/u3Q5ojQ7h3ZgYEBD1V 9N5wvNiBtQSyPhb/ehK902QxifirBINUdF9gN+G6M7pbzyT0kkCHaTH6yMU3tA5f6gke IheA==
X-Received: by 10.112.120.134 with SMTP id lc6mr18931040lbb.86.1438634220241; Mon, 03 Aug 2015 13:37:00 -0700 (PDT)
Received: from voyager2.local (109107011157.gdansk.vectranet.pl. [109.107.11.157]) by smtp.googlemail.com with ESMTPSA id ph4sm3225147lbb.3.2015.08.03.13.36.58 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 03 Aug 2015 13:36:59 -0700 (PDT)
Message-ID: <55BFD0E9.7050605@gmail.com>
Date: Mon, 03 Aug 2015 22:36:57 +0200
From: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Fernando Gont <fgont@si6networks.com>, "Bernie Volz (volz)" <volz@cisco.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>
References: <489D13FBFA9B3E41812EA89F188F018E1CB90384@xmb-rcd-x04.cisco.com> <55B91127.9020403@gmail.com> <55BB7978.3030805@si6networks.com>
In-Reply-To: <55BB7978.3030805@si6networks.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/5YkSNaqDTgXQyf67l9F6xhhxJhc>
Subject: Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-stable-privacy-addresses (Respond by Aug 11, 2015)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Aug 2015 20:37:07 -0000
On 31/07/15 15:34, Fernando Gont wrote: > Tomek, > > On 07/29/2015 07:45 PM, Tomek Mrugalski wrote: >> >> With my co-chair hat off, I think this draft could have been useful >> couple years ago. It defines an allocation strategy that could be >> beneficial in certain cases. Some modern DHCP servers allow multiple >> allocation strategies and this could have been one of them. The text >> suggested that the algorithm specified is the only right way to do it. >> It is not. > > Could you please point what's the offending text? -- i.e., the text that > claims that this is the only way to generate IIDs with DHCPv6? I think that's the same text Erik mentioned in Prague at the mic. Section 4, first paragraph: DHCPv6 server implementations conforming to this specification MUST generate non-temporary IPv6 addresses using the algorithm specified in this section. Here's specific example. The implementation I'm working on has the capability to support multiple allocation strategies: iterative, random etc. Your proposal can be another one considered. The text above says that if I implement your proposal, I must also drop support for all other allocation strategies. >> The general consensus seems be that changing MAC addresses and all >> associated identifiers over time is the way to go. That's what the >> anonymity profile and other associated work in other WGs is proposing. >> Had we published this draft, it would be confusing for vendors what the >> recommendation for privacy is: randomize MAC addresses or go with stable >> privacy addresses. Based on that I'm in favor of dropping this work. > > Has anyone really assessed everything that could go wrong with > randomized MAC addresses? -- THink of SAVI and other first-hop-secuity > mechanisms, issues with the ND cache, etc. Authors of the dhcp privacy and anonymity profile drafts received several comments, but they always could use more. By all means, if you have anything to add, please comment on them. > IMO, while probably desirable, I'd flag MAC address randomization as > "experimental" rather than "the way to go". Ok, maybe that was a bit inpricise statement. Let me rephrase. It seems that at this time there's rough consensus that MAC based randomization is the preferred solution for the privacy concerns raised in RFC7258, draft-ietf-dhc-dhcp{v6}-privacy and other places. Keep in mind that WG consensus is not something set in stone. People change their minds over time. More analysis and better understanding of a problem is available over time. New solutions are being proposed. These all influence people decisions. Work that used to be appealing may lose its appeal over time. Successful adoption call answers the question whether a WG is willing to work on something, not a promise to publish the draft no matter what. Drafts can be abandoned at any stage. It may be disappointing when it happens, but it happens nevertheless. Tomek
- [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-stable… Bernie Volz (volz)
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Tomek Mrugalski
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Fernando Gont
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Fernando Gont
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Bernie Volz (volz)
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… 神明達哉
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Christian Huitema
- [dhcwg] Security/Privacy & Addressing (was: Re: I… Fernando Gont
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Loganaden Velvindron
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Tomek Mrugalski
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Liushucheng (Will)
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Lorenzo Colitti
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Bernie Volz (volz)
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Fernando Gont
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Fernando Gont
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Fernando Gont
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Fernando Gont
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Linhui Sun
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Lorenzo Colitti
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Fernando Gont
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Lorenzo Colitti
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… 神明達哉
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Linhui Sun
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Fernando Gont
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Chuck Anderson
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Lorenzo Colitti
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Fernando Gont
- Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-st… Lorenzo Colitti