Re: Non routable IPv6 registry proposal

Christian Huitema <huitema@huitema.net> Fri, 22 January 2021 06:24 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08C5C3A110A for <ietf@ietfa.amsl.com>; Thu, 21 Jan 2021 22:24:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.435
X-Spam-Level:
X-Spam-Status: No, score=-1.435 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.262, ONE_TIME=0.714, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U3_e6drSi4mc for <ietf@ietfa.amsl.com>; Thu, 21 Jan 2021 22:24:24 -0800 (PST)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1D6A3A1288 for <ietf@ietf.org>; Thu, 21 Jan 2021 22:24:09 -0800 (PST)
Received: from xse182.mail2web.com ([66.113.196.182] helo=xse.mail2web.com) by mx134.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1l2prW-001BHy-Gd for ietf@ietf.org; Fri, 22 Jan 2021 07:24:05 +0100
Received: from xsmtp21.mail2web.com (unknown [10.100.68.60]) by xse.mail2web.com (Postfix) with ESMTPS id 4DMTjq6NWGz2B05 for <ietf@ietf.org>; Thu, 21 Jan 2021 22:23:59 -0800 (PST)
Received: from [10.5.2.49] (helo=xmail11.myhosting.com) by xsmtp21.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1l2prT-0006IQ-Q2 for ietf@ietf.org; Thu, 21 Jan 2021 22:23:59 -0800
Received: (qmail 15849 invoked from network); 22 Jan 2021 06:23:57 -0000
Received: from unknown (HELO [192.168.1.106]) (Authenticated-user:_huitema@huitema.net@[172.58.43.146]) (envelope-sender <huitema@huitema.net>) by xmail11.myhosting.com (qmail-ldap-1.03) with ESMTPA for <ietf@ietf.org>; 22 Jan 2021 06:23:57 -0000
Subject: Re: Non routable IPv6 registry proposal
To: Phillip Hallam-Baker <phill@hallambaker.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, Michael Richardson <mcr+ietf@sandelman.ca>, IETF Discussion Mailing List <ietf@ietf.org>
References: <CAMm+LwjNiE0P7RAVqzKMypNbh3=9BeqiWn_hGv3E=zX7-YmSXQ@mail.gmail.com> <72F969A9-AF94-47B6-B48C-B3CD4D9A7C72@strayalpha.com> <7cc9e38c-5a00-ec59-a8c2-10503cc40d50@si6networks.com> <CB1A6DF0-8CDD-495D-9F7B-80BF72F08C1E@strayalpha.com> <CAMm+LwjU2SQeydRJ7zcDORz+1-z634OCe34HMKTKHiQvg+4M7w@mail.gmail.com> <00a9feed-5e48-05de-b3ee-27d9a98c6be1@gmail.com> <CAMm+Lwgonpf7TgA-oHR+bk3LvKA2Dc5q-2uEan318D37vAkwAA@mail.gmail.com> <e822c970-745b-c57c-4fe2-622ac9c4eebe@huitema.net> <CAMm+LwjwjOcfJjXywWKwz2o5e6oGYHviXuPtVg5ocxNW3SJLOw@mail.gmail.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <2630cee0-db25-3cef-f084-846c3268dbcf@huitema.net>
Date: Thu, 21 Jan 2021 22:23:58 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1
MIME-Version: 1.0
In-Reply-To: <CAMm+LwjwjOcfJjXywWKwz2o5e6oGYHviXuPtVg5ocxNW3SJLOw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------A6FE55A229A29E3A855D9B1A"
Content-Language: en-US
X-Originating-IP: 66.113.196.182
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.196.182/32
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.196.182/32@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/nE_AKJwK7Xmxl7Aofc36YOdusaA>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jan 2021 06:24:26 -0000

On 1/21/2021 9:57 PM, Phillip Hallam-Baker wrote:
> On Fri, Jan 22, 2021 at 12:45 AM Christian Huitema 
> <huitema@huitema.net <mailto:huitema@huitema.net>> wrote:
>
>     On 1/21/2021 5:02 PM, Phillip Hallam-Baker wrote:
>
>>     On Thu, Jan 21, 2021 at 2:56 PM Brian E Carpenter
>>     <brian.e.carpenter@gmail.com
>>     <mailto:brian.e.carpenter@gmail.com>> wrote:
>>
>>         Putting two things together:
>>         On 22-Jan-21 07:57, Phillip Hallam-Baker wrote:
>>         ...
>>         > A ULA->Public key registry provides exactly the right
>>         degree of incentive. It allows us to take an area that is
>>         currently flaky as heck and make it 'just work'. That area is
>>         VPN access.
>>
>>         Yes, but afaik you (or I) can't claim ownership of random
>>         numbers. So if my ULA prefix is fd63:45eb:dc14::/48 and I
>>         provide a public key for it, what's to stop you using the
>>         same prefix and providing your own public key for it?
>>
>>
>>     The registry undertakes to only issue each prefix once and bind
>>     it to a public key specified by the holder.
>>
>>     The registry publishes the allocation in an append only log which
>>     is attested by a blockchain type technique. So there is (almost)
>>     no scope for the registry to defect.
>
>     How do you protect the registry against a Sybil attack?
>
>     -- Christian Huitema
>
> There is a one-time charge of $0.10 per registration. No renewal fees.

That should work if the "block chain" signatures can only be appended by 
the organization maintaining the registry. I wonder why just $0.10, 
given that for the normal user just learning the process will cost way 
more than that. Also, just the credit card fees are larger than that. 
Plus, if you want to guarantee the ownership "forever", you probably 
need sustained revenues in the long term.
>
> So a DoS attack would merely swell the coffers of the not-for-profit 
> Mesh foundation which will pay for development of code, etc.
>
> I am not sure that a Sybil attack is relevant as there is absolutely 
> no accreditation going on here except between the registry and the 
> small set of chosen peer notaries. And they are merely cross 
> notarising. There are no subjective or unconstrained inputs here. 
> Every input is deterministic, the only non determinism comes from timing.

There are variants of the Sybil attack that concentrate on fractions of 
the address space. Also, if the space is just 40 bits wide, the attacker 
will start causing random collisions after registering 1 million entries.

Speaking of collisions, is there a way for registrants to test for 
collisions before registering? Is it correct to assume a publicly 
available blockchain?

-- Christian Huitema
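The two points raised in this message (a 40-bit ULA Global ID space hits birthday collisions around a million registrations, and registrants ought to be able to test for a collision before registering) can be checked with a small script. The code below is an added illustration written for this archive page, not code from any participant in the thread or from the Mesh project: it extracts the Global ID from an RFC 4193 locally assigned ULA /48 such as the fd63:45eb:dc14::/48 example quoted above, computes the birthday-bound collision probability for n registrations, and models a toy append-only, hash-chained ULA-to-public-key log (class name and layout are my own assumptions) that refuses a second registration of the same prefix and exposes an is_registered() pre-check.

```python
import hashlib
import ipaddress
import json
import math
import secrets

ULA_GLOBAL_ID_BITS = 40
ULA_SPACE = 1 << ULA_GLOBAL_ID_BITS          # 2**40 possible Global IDs under fd00::/8
_LOCAL_ULA = ipaddress.IPv6Network("fd00::/8")  # RFC 4193 "locally assigned" half of fc00::/7


def global_id(prefix: str) -> int:
    """Return the 40-bit Global ID of a locally assigned ULA /48 (fdXX:XXXX:XXXX::/48)."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 48 or not net.subnet_of(_LOCAL_ULA):
        raise ValueError(f"not a locally assigned ULA /48: {prefix}")
    # Drop the low 80 bits (subnet + interface ID), then mask off the 8-bit 0xfd prefix.
    return (int(net.network_address) >> 80) & (ULA_SPACE - 1)


def random_ula_prefix() -> str:
    """Generate a fresh ULA /48 the way a registrant would: 40 random bits under fd00::/8."""
    gid = secrets.randbits(ULA_GLOBAL_ID_BITS)
    return str(ipaddress.IPv6Network(((0xFD << 120) | (gid << 80), 48), strict=True))


def collision_probability(n: int, space: int = ULA_SPACE) -> float:
    """Birthday bound: probability that n independent uniform picks from `space` values
    contain at least one duplicate, p ~= 1 - exp(-n(n-1)/(2*space))."""
    return 1.0 - math.exp(-n * (n - 1) / (2.0 * space))


def registrations_for_probability(p: float, space: int = ULA_SPACE) -> float:
    """Inverse of the bound above: how many registrations reach collision probability p."""
    return math.sqrt(2.0 * space * math.log(1.0 / (1.0 - p)))


class UlaRegistry:
    """Toy append-only ULA -> public key log (constructed for illustration).

    Each entry commits to the previous entry's digest, so anyone holding a copy of the
    published log can detect a rewritten or reordered entry. Uniqueness of the Global ID
    is enforced at append time, which is the property the registry promises."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []   # list of {"prefix", "pubkey", "prev", "digest"}
        self._by_id = {}    # Global ID -> entry index; the uniqueness guard

    @staticmethod
    def _digest(prefix: str, pubkey: str, prev: str) -> str:
        body = json.dumps({"prefix": prefix, "pubkey": pubkey, "prev": prev}, sort_keys=True)
        return hashlib.sha256(body.encode()).hexdigest()

    def is_registered(self, prefix: str) -> bool:
        """Pre-check a registrant can run before paying: is this prefix already taken?"""
        return global_id(prefix) in self._by_id

    def register(self, prefix: str, pubkey: str) -> str:
        gid = global_id(prefix)
        if gid in self._by_id:
            raise ValueError(f"collision: {prefix} is already bound to another key")
        prev = self.entries[-1]["digest"] if self.entries else self.GENESIS
        digest = self._digest(prefix, pubkey, prev)
        self._by_id[gid] = len(self.entries)
        self.entries.append({"prefix": prefix, "pubkey": pubkey, "prev": prev, "digest": digest})
        return digest

    def verify_chain(self) -> bool:
        """Recompute every link; False if any entry was altered after publication."""
        prev = self.GENESIS
        for e in self.entries:
            if e["prev"] != prev or self._digest(e["prefix"], e["pubkey"], prev) != e["digest"]:
                return False
            prev = e["digest"]
        return True


if __name__ == "__main__":
    print("Global ID of fd63:45eb:dc14::/48:", hex(global_id("fd63:45eb:dc14::/48")))
    print("P(collision) after 1,000,000 registrations: %.3f" % collision_probability(1_000_000))
    print("Registrations for 50%% collision odds: %.0f" % registrations_for_probability(0.5))
    reg = UlaRegistry()
    reg.register("fd63:45eb:dc14::/48", "key-of-brian")   # constructed sample key label
    print("pre-check on same prefix:", reg.is_registered("fd63:45eb:dc14::/48"))
    print("fresh random prefix:", random_ula_prefix(), "chain ok:", reg.verify_chain())
```

With the full 2^40 space, collision_probability(1_000_000) is roughly 0.37, and the 50% point sits near 1.23 million registrations, which is the scale the message points at. The pre-check only helps against accidental collisions; a registrant who can query the log can also watch it, so the uniqueness guarantee still rests on the registry refusing the second append and publishing a chain others can verify.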