Re: Non routable IPv6 registry proposal

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 22 January 2021 05:57 UTC

From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 22 Jan 2021 00:57:15 -0500
Subject: Re: Non routable IPv6 registry proposal
To: Christian Huitema <huitema@huitema.net>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, Michael Richardson <mcr+ietf@sandelman.ca>, IETF Discussion Mailing List <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/sjpnbFZDOblz139N850qxYhlwPk>

On Fri, Jan 22, 2021 at 12:45 AM Christian Huitema <huitema@huitema.net>
wrote:

> On 1/21/2021 5:02 PM, Phillip Hallam-Baker wrote:
>
> On Thu, Jan 21, 2021 at 2:56 PM Brian E Carpenter <
> brian.e.carpenter@gmail.com> wrote:
>
>> Putting two things together:
>> On 22-Jan-21 07:57, Phillip Hallam-Baker wrote:
>> ...
>> > A ULA->Public key registry provides exactly the right degree of
>> incentive. It allows us to take an area that is currently flaky as heck and
>> make it 'just work'. That area is VPN access.
>>
>> Yes, but afaik you (or I) can't claim ownership of random numbers. So if
>> my ULA prefix is fd63:45eb:dc14::/48 and I provide a public key for it,
>> what's to stop you using the same prefix and providing your own public key
>> for it?
>>
>
> The registry undertakes to only issue each prefix once and bind it to a
> public key specified by the holder.
>
> The registry publishes the allocation in an append only log which is
> attested by a blockchain type technique. So there is (almost) no scope for
> the registry to defect.
>
> How do you protect the registry against a Sybil attack?
>
> -- Christian Huitema
>
There is a one-time charge of $0.10 per registration. No renewal fees.

So a DoS attack would merely swell the coffers of the not-for-profit Mesh
foundation which will pay for development of code, etc.

I am not sure that a Sybil attack is relevant as there is absolutely no
accreditation going on here except between the registry and the small set
of chosen peer notaries. And they are merely cross-notarising. There are no
subjective or unconstrained inputs here. Every input is deterministic; the
only non-determinism comes from timing.
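
The exchange above turns on a registry that issues each ULA prefix once, binds it to a public key, and publishes the allocations in an append-only, notarised log. The following sketch is an added example, not part of the original message and not the Mesh code: it shows how a hash-chained log lets an outside auditor detect a rebinding, a duplicate prefix, or a rollback. The record layout, the `Registry` and `audit` names, the string stand-ins for public keys, and the idea that a peer notary holds the latest head hash are all assumptions made for illustration.

```python
import hashlib
import ipaddress
import json

GENESIS = "00" * 32                       # constructed anchor for the chain
ULA = ipaddress.IPv6Network("fd00::/8")   # locally assigned ULA space

def entry_hash(prev, prefix, key):
    # Each entry commits to the previous hash, so history cannot be edited
    # without changing every later hash, including the notarised head.
    body = json.dumps({"prev": prev, "prefix": prefix, "key": key}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def normalise(prefix):
    # Canonical text form, so two spellings of one prefix cannot both register.
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 48 or not net.subnet_of(ULA):
        raise ValueError("not a ULA /48 prefix")
    return str(net)

class Registry:
    def __init__(self):
        self.log = []       # published append-only log
        self.owners = {}    # prefix -> key, for the issue-once check

    def register(self, prefix, key):
        prefix = normalise(prefix)
        if prefix in self.owners:
            raise KeyError(prefix + " is already bound to a key")
        prev = self.log[-1]["hash"] if self.log else GENESIS
        digest = entry_hash(prev, prefix, key)
        self.log.append({"prev": prev, "prefix": prefix, "key": key, "hash": digest})
        self.owners[prefix] = key
        return digest       # head hash a peer notary would countersign (assumed)

def audit(log, notarised_head):
    # Independent check using only the published log and a notary's head hash.
    prev, seen = GENESIS, set()
    for e in log:
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["prefix"], e["key"]):
            return False    # chain broken: an entry was altered or reordered
        if e["prefix"] in seen:
            return False    # registry defected: same prefix issued twice
        seen.add(e["prefix"])
        prev = e["hash"]
    return prev == notarised_head   # a mismatch means truncation or a fork
```
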