Re: Gen-ART LC review: draft-ietf-dhc-dhcpv6-privacy-03
Robert Sparks <rjsparks@nostrum.com> Mon, 15 February 2016 22:10 UTC
Return-Path: <rjsparks@nostrum.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A7761B2EE7; Mon, 15 Feb 2016 14:10:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.006] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KEWmJFOctuJd; Mon, 15 Feb 2016 14:10:27 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C1A41B2EE4; Mon, 15 Feb 2016 14:10:27 -0800 (PST)
Received: from unnumerable.local (pool-173-57-158-165.dllstx.fios.verizon.net [173.57.158.165]) (authenticated bits=0) by nostrum.com (8.15.2/8.14.9) with ESMTPSA id u1FMAJjr049173 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=OK); Mon, 15 Feb 2016 16:10:20 -0600 (CST) (envelope-from rjsparks@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host pool-173-57-158-165.dllstx.fios.verizon.net [173.57.158.165] claimed to be unnumerable.local
Subject: Re: Gen-ART LC review: draft-ietf-dhc-dhcpv6-privacy-03
To: "Bernie Volz (volz)" <volz@cisco.com>, Tomek Mrugalski <tomasz.mrugalski@gmail.com>, General Area Review Team <gen-art@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>, "draft-ietf-dhc-dhcpv6-privacy.all@ietf.org" <draft-ietf-dhc-dhcpv6-privacy.all@ietf.org>
References: <56B0DBA3.2050406@nostrum.com> <56C238F8.4040400@gmail.com> <56C23FE6.5000207@nostrum.com> <3990c04ce860428ab90d0142102b7bfc@XCH-ALN-003.cisco.com>
From: Robert Sparks <rjsparks@nostrum.com>
Message-ID: <56C24CCB.9060802@nostrum.com>
Date: Mon, 15 Feb 2016 16:10:19 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <3990c04ce860428ab90d0142102b7bfc@XCH-ALN-003.cisco.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/yCPgXWAPX8fVjM4hBtXajvfz3SE>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Feb 2016 22:10:29 -0000
On 2/15/16 3:37 PM, Bernie Volz (volz) wrote: > Perhaps we should get away from whether something is easy or difficult to implement or whether the algorithm may be more (or less) efficient. > > I think the point of this material is to ENCOURAGE random assignment rather than sequential to improve privacy- so keep it at that. Let implementers worry about how efficient an algorithm is? Right - that's where I'm trying to get the document to go. > > - Bernie > > -----Original Message----- > From: Robert Sparks [mailto:rjsparks@nostrum.com] > Sent: Monday, February 15, 2016 4:15 PM > To: Tomek Mrugalski <tomasz.mrugalski@gmail.com>; General Area Review Team <gen-art@ietf.org>; ietf@ietf.org; dhcwg@ietf.org; draft-ietf-dhc-dhcpv6-privacy.all@ietf.org > Subject: Re: Gen-ART LC review: draft-ietf-dhc-dhcpv6-privacy-03 > > Hi Tomek - > > Thanks for these edits. My points are all addressed, though I wish to push a little more on changing the focus of the following in the document: > > On 2/15/16 2:45 PM, Tomek Mrugalski wrote: > > <snip/> >>> In section 4.3, the paragraph on Random allocation comments on the >>> poor performance of a specific simplistic implementation of random >>> selection. More efficient algorithms exist. But the discussion is >>> mostly irrelevant to the document. Please simplify this paragraph to >>> focus on the benefits of random allocation. >> I somewhat disagree. First, there are more efficient algorithms known, >> but they are not always used. This document is a analysis, so we tried >> to provide an analysis of what's actually happening in actual >> implementations. In an ideal world where privacy is the top priority >> every implementation would use truly random allocation using hardware >> entropy generators. Sadly, the reality of DHCP servers market is that >> performance matters a lot. Lowered performance is a price for better >> privacy. This fact directly affects DHCP server implementors, which >> are the target audience for this document. These are my arguments why >> the discussion about performance penalty is there and should stay in my opinion. > Then I suggest this variation: > > "In deployed systems, address allocation strategies such as choosing the next sequentially available address are chosen over strategies such as pseudo-random allocation across the available address pool because the latter are more difficult to implement efficiently." > > To be very clear (and I do _not_ want to put this discussion in the document), an implementation could keep a structure (probably a > linked-list) of blocks of unallocated addresses, and very efficiently select an address pseudo-randomly from the addresses in that structure, modifying the structure to make the next selection just as efficient (similarly modifying the structure when addresses are returned to the pool). > This would not have the performance degradation that the simple strategy you currently discuss has. > While they're entertaining, I think discussing _either_ way of approaching such a random selection algorithm distracts the reader from the point of understanding the privacy implications. >> > <snip/> > > > RjS
- Gen-ART LC review: draft-ietf-dhc-dhcpv6-privacy-… Robert Sparks
- Re: Gen-ART LC review: draft-ietf-dhc-dhcpv6-priv… Robert Sparks
- RE: Gen-ART LC review: draft-ietf-dhc-dhcpv6-priv… Bernie Volz (volz)
- Re: Gen-ART LC review: draft-ietf-dhc-dhcpv6-priv… Robert Sparks
- Re: [Gen-art] Gen-ART LC review: draft-ietf-dhc-d… Fernando Gont
- Re: Gen-ART LC review: draft-ietf-dhc-dhcpv6-priv… Tomek Mrugalski
- Re: Gen-ART LC review: draft-ietf-dhc-dhcpv6-priv… Tomek Mrugalski
- RE: [Gen-art] Gen-ART LC review: draft-ietf-dhc-d… Bernie Volz (volz)
- Gen-Art review: draft-ietf-dhc-dhcpv6-privacy-04 Robert Sparks
- Re: [dhcwg] Gen-Art review: draft-ietf-dhc-dhcpv6… Jari Arkko