Re: Non routable IPv6 registry proposal

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 22 January 2021 01:02 UTC

From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 21 Jan 2021 20:02:19 -0500
Message-ID: <CAMm+Lwgonpf7TgA-oHR+bk3LvKA2Dc5q-2uEan318D37vAkwAA@mail.gmail.com>
Subject: Re: Non routable IPv6 registry proposal
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, IETF Discussion Mailing List <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/T8w7xnur7RtnuhDO9Z7MULHR-gg>

On Thu, Jan 21, 2021 at 2:56 PM Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:

> Putting two things together:
> On 22-Jan-21 07:57, Phillip Hallam-Baker wrote:
> ...
> > A ULA->Public key registry provides exactly the right degree of
> > incentive. It allows us to take an area that is currently flaky as heck and
> > make it 'just work'. That area is VPN access.
>
> Yes, but afaik you (or I) can't claim ownership of random numbers. So if
> my ULA prefix is fd63:45eb:dc14::/48 and I provide a public key for it,
> what's to stop you using the same prefix and providing your own public key
> for it?
>

The registry undertakes to only issue each prefix once and bind it to a
public key specified by the holder.

The registry publishes the allocation in an append-only log which is
attested by a blockchain-type technique. So there is (almost) no scope for
the registry to defect.




> On 22-Jan-21 01:20, Michael Richardson wrote:
>
> > Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> >     >> While ULAs and privacy enhanced addresses have important uses for
> >     >> individual privacy, when it comes to non-moving business/enterprise
> >     >> infrastructure, audit and accountability is much more important, and
> >     >> ULA-R does not satisfy that.
> >
> >     > How is that problem solved today for RFC 1918 addresses?
> >
> > It's not.
>
> If ULA usage is validated by a public key, that might appear to support
> audit and accountability, but only if there's a third-party guarantee of
> uniqueness. I think Michael has an important point here. A self-assigned
> ULA prefix has no more legal significance than a Net 10 address.
>

Haber and Stornetta's hash chain notary concept, now known as blockchain,
allows the degree of trust in the third party to be very, very small.
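
The registry behaviour described in this message (each prefix issued once, bound to a public key, published in an append-only hash-chained log) can be sketched as follows. This is an added example, not part of the original message or of any proposal text; the class and function names, the JSON entry encoding and the key strings are assumptions made for illustration.

```python
import hashlib, ipaddress, json

GENESIS = "0" * 64                       # chain anchor before any allocation
ULA = ipaddress.IPv6Network("fc00::/7")  # unique local address space

def entry_hash(prev, prefix, key):
    """Hash of one log entry; covering `prev` chains it to all earlier entries."""
    body = json.dumps({"prev": prev, "prefix": prefix, "key": key}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class UlaRegistry:
    """Hypothetical registry: issues each /48 once and logs prefix -> key."""
    def __init__(self):
        self.log = []

    def head(self):
        return self.log[-1]["hash"] if self.log else GENESIS

    def allocate(self, prefix, key):
        net = ipaddress.IPv6Network(prefix)
        if net.prefixlen != 48 or not net.subnet_of(ULA):
            raise ValueError("not a /48 ULA prefix")
        if any(e["prefix"] == str(net) for e in self.log):
            raise ValueError("prefix already issued")
        prev = self.head()
        self.log.append({"prev": prev, "prefix": str(net), "key": key,
                         "hash": entry_hash(prev, str(net), key)})
        return self.head()

def verify_log(log, published_head):
    """Auditor check: the chain is intact, no prefix appears twice, and the
    head equals a value the auditor recorded independently of this log copy."""
    prev, seen = GENESIS, set()
    for e in log:
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["prefix"], e["key"]):
            return False
        if e["prefix"] in seen:
            return False
        seen.add(e["prefix"])
        prev = e["hash"]
    return prev == published_head

def lookup(log, prefix):
    """Return the key bound to a prefix, or None if it was never issued."""
    want = str(ipaddress.IPv6Network(prefix))
    return next((e["key"] for e in log if e["prefix"] == want), None)
```

A registry that rewrites an old entry and recomputes every later hash still produces an internally consistent chain; only the comparison against a head recorded earlier by someone else exposes the rewrite.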