IETF Logo Mail Archive

Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-stable-privacy-addresses (Respond by Aug 11, 2015)

Fernando Gont <fgont@si6networks.com> Thu, 06 August 2015 14:30 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E344C1A87C3 for <dhcwg@ietfa.amsl.com>; Thu, 6 Aug 2015 07:30:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vbiAwUMoNlCC for <dhcwg@ietfa.amsl.com>; Thu, 6 Aug 2015 07:30:18 -0700 (PDT)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:8240:6:a::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7F9A1A8797 for <dhcwg@ietf.org>; Thu, 6 Aug 2015 07:30:17 -0700 (PDT)
Received: from [84.47.113.16] (helo=[192.168.1.14]) by web01.jbserver.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.85) (envelope-from <fgont@si6networks.com>) id 1ZNMBO-0004EL-7O; Thu, 06 Aug 2015 16:30:10 +0200
Message-ID: <55C36F3C.7050405@si6networks.com>
Date: Thu, 06 Aug 2015 16:29:16 +0200
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: Tomek Mrugalski <tomasz.mrugalski@gmail.com>, "Bernie Volz (volz)" <volz@cisco.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>
References: <489D13FBFA9B3E41812EA89F188F018E1CB90384@xmb-rcd-x04.cisco.com> <55B91127.9020403@gmail.com> <55BB7978.3030805@si6networks.com> <55BFD0E9.7050605@gmail.com>
In-Reply-To: <55BFD0E9.7050605@gmail.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/dALTIzZloCahWpogGLH2CYuvaZo>
Subject: Re: [dhcwg] IETF-93 Follow Up - draft-ietf-dhc-stable-privacy-addresses (Respond by Aug 11, 2015)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Aug 2015 14:30:21 -0000

Tomek,

On 08/03/2015 10:36 PM, Tomek Mrugalski wrote:
>>> With my co-chair hat off, I think this draft could have been useful
>>> couple years ago. It defines an allocation strategy that could be
>>> beneficial in certain cases. Some modern DHCP servers allow multiple
>>> allocation strategies and this could have been one of them. The text
>>> suggested that the algorithm specified is the only right way to do it.
>>> It is not.
>>
>> Could you please point what's the offending text? -- i.e., the text that
>> claims that this is the only way to generate IIDs with DHCPv6?
> I think that's the same text Erik mentioned in Prague at the mic.
> 
> Section 4, first paragraph:
> 
>    DHCPv6 server implementations conforming to this specification MUST
>    generate non-temporary IPv6 addresses using the algorithm specified
>    in this section.
> 
> Here's specific example. The implementation I'm working on has the
> capability to support multiple allocation strategies: iterative, random
> etc. Your proposal can be another one considered. The text above says
> that if I implement your proposal, I must also drop support for all
> other allocation strategies.

It is not meant to do that. It is meant to say "if you're enabling
employing this technique, you must use it for all your DHCPv6 IIDs".

As you may see, if anything, there's room for improvement and tightening
up the text.. but I don't see why this should result in "let's knock
down this I-D" if it doesn't look perfect.



>>> The general consensus seems be that changing MAC addresses and all
>>> associated identifiers over time is the way to go. That's what the
>>> anonymity profile and other associated work in other WGs is proposing.
>>> Had we published this draft, it would be confusing for vendors what the
>>> recommendation for privacy is: randomize MAC addresses or go with stable
>>> privacy addresses. Based on that I'm in favor of dropping this work.
>>
>> Has anyone really assessed everything that could go wrong with
>> randomized MAC addresses?  -- THink of SAVI and other first-hop-secuity
>> mechanisms, issues with the ND cache, etc.
> Authors of the dhcp privacy and anonymity profile drafts received
> several comments, but they always could use more. By all means, if you
> have anything to add, please comment on them.

This is my comment: "I believe MAC address randomization is extremely
likely to break all sorts of first security techniques."



>> IMO, while probably desirable, I'd flag MAC address randomization as
>> "experimental" rather than "the way to go".
> Ok, maybe that was a bit inpricise statement. Let me rephrase. It seems
> that at this time there's rough consensus that MAC based randomization
> is the preferred solution for the privacy concerns raised in RFC7258,
> draft-ietf-dhc-dhcp{v6}-privacy and other places.

I repeat: Hsa anyone really thoroughly accessed whether this is going to
break FHS techniques currently employed?



> Keep in mind that WG consensus is not something set in stone. People
> change their minds over time. More analysis and better understanding of
> a problem is available over time. 

THat's exactly the point. The technial comments I've seen so far from
LOrenzo are simply bogus. The part that you don't like from the I-D
simply needs to be clarified. And so far, this have been so far the
reasons to say "let's drop this"....


> New solutions are being proposed.
> These all influence people decisions. Work that used to be appealing may
> lose its appeal over time. Successful adoption call answers the question
> whether a WG is willing to work on something, not a promise to publish
> the draft no matter what. Drafts can be abandoned at any stage. It may
> be disappointing when it happens, but it happens nevertheless.

Yes, I'm aware of this 8I've participated in the IETF process for 10+
years). But what I see in this case is that some folks (e.g. Lorenzo)
are arguing to drp this without concrete ans sensible technical reasons.

I've elaborated on teh value, and on the issues raised by LOrenzo.
However, it seems that "the default is to drop", because of a hum taking
at the dhc meeting, when no ne uming really make a strong technical
point against this document. Thus, such action does not seem sensible to me.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email