IETF Logo Mail Archive

Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>

Lorenzo Colitti <lorenzo@google.com> Thu, 19 May 2016 06:10 UTC

Return-Path: <lorenzo@google.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CDB512B04D for <ipv6@ietfa.amsl.com>; Wed, 18 May 2016 23:10:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.126
X-Spam-Level:
X-Spam-Status: No, score=-4.126 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eLipEQsSZ_lT for <ipv6@ietfa.amsl.com>; Wed, 18 May 2016 23:10:53 -0700 (PDT)
Received: from mail-yw0-x234.google.com (mail-yw0-x234.google.com [IPv6:2607:f8b0:4002:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0636612B025 for <ipv6@ietf.org>; Wed, 18 May 2016 23:10:52 -0700 (PDT)
Received: by mail-yw0-x234.google.com with SMTP id j74so68566800ywg.1 for <ipv6@ietf.org>; Wed, 18 May 2016 23:10:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=uxiudrfkRMBtnUW4eGk3+VY6C66XzVWDDTKniraWyeQ=; b=gBj6ohJNnTxBqJhfelU4wVCyb8WGjRBCz8j8x+78D0SuKJ1TIQ2Ls3XcGpUaxCwS9q L0aOenZZ+MnPfOOoxgRLSIfisqUFfHgMkG87uqLs208hFZTMuWynJ7JnY6H9nkQSSckv ViQtdTL0aKZEMmX3PF36mtylJTqmIlgPXlXk8JXfMFq8lnujIemQsL9jD1rhDX3MwmSF VeVg+h1xopidwULmqdf3fi4ipwG4IJMRzewXwnefoySLtQkSo8WETrRQ3062e3nVdJGD tvGX7oK0r5SG1ew+zBOnvAVDZS7H9Rdlk8foYPwF3tKjnNstbB3a5oWAnWwic8uUbTpi fu4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=uxiudrfkRMBtnUW4eGk3+VY6C66XzVWDDTKniraWyeQ=; b=DVZz/KJMI4rnMFst3YikHaOLtKb2Z1FJOENSG2t+/TCo/wbEeX9CSOO1FlrGwOYOPG CzN4DbhuJIvBsKcmgyzr3yRCH8GaGX9x55E8Oc54S08JK0B7GQC5QoiO/JP1xBXqY7VN n/ZoVT7wXXWPne17iFzTbDb/FnVydveEszJ05lCfig4aEPI+kg/vX+dgAQcMvi5dIUte 8/d4K5L1GQtj6+DgQEPmvC1YOWA6VdbuEfU4frkO4tE1ER+ycSUQuH5HDrsDDchWuoxz cOzOtO+P7h5iZyatRXZHaeBae7yGtw5/epgmtWhDzpSacEUSZA1+dJb9PHNDBVsGbs/Z NAHw==
X-Gm-Message-State: AOPr4FU7JoY/RMj1XTtk3NWziHC6AjjsmJz/FJvEMOQ3Qddkwiem2uJFy0h4A0KUmJc5sAUgzvtxLDbD2bgxSbJw
X-Received: by 10.37.80.145 with SMTP id e139mr6065219ybb.152.1463638252030; Wed, 18 May 2016 23:10:52 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.198.68 with HTTP; Wed, 18 May 2016 23:10:32 -0700 (PDT)
In-Reply-To: <A1111BEA-C14C-4574-9214-3D9B5500FEA1@cooperw.in>
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <89CA2C18-AE61-4D40-8997-221201835944@gmail.com> <CAJE_bqdZ_D7jsDdWQ2FJpLH9cXveYfcye0W2J_mSi-7bYBrOKA@mail.gmail.com> <B849F263-9F99-48E8-B903-8FE7D2CDF277@cooperw.in> <CAJE_bqd1AWOuwvQcGzHg+dAWoump29g14HEA1BoVErXDXSMxaw@mail.gmail.com> <573BCFD0.8090801@si6networks.com> <CAJE_bqfKUbO7C6LnxOOUCVBU9e679_=159Yu6Ti0zhOGDuw98Q@mail.gmail.com> <A1111BEA-C14C-4574-9214-3D9B5500FEA1@cooperw.in>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Thu, 19 May 2016 15:10:32 +0900
Message-ID: <CAKD1Yr23S4yHM=31VXTJq7t11P3__GEbbRhM0c085gBjQEGi-Q@mail.gmail.com>
Subject: Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>
To: Alissa Cooper <alissa@cooperw.in>
Content-Type: multipart/alternative; boundary="001a113e89ea18495e05332bd6c4"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/1TEkzvqMdMNUYXIRZkTwCRHAw_U>
Cc: Fernando Gont <fgont@si6networks.com>, IPv6 List <ipv6@ietf.org>, 神明達哉 <jinmei@wide.ad.jp>, Bob Hinden <bob.hinden@gmail.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2016 06:10:54 -0000

On Thu, May 19, 2016 at 2:19 PM, Alissa Cooper <alissa@cooperw.in> wrote:

> The draft makes just about a clear a statement in this vein as is possible:
>
> "By default, nodes SHOULD NOT employ IPv6 address generation schemes
>    that embed the underlying link-layer address in the IID.”
>
> Note that this statement does not prohibit anything, nor does it make a
> normative (in the moral sense) judgment. It just states the recommendation,
> which is the point of the document.
>
> I appreciate that not everyone on the list agrees with this
> recommendation. But I find the claim that this recommendation is unclear to
> be difficult to understand. That is, I can’t think of a way to convey the
> same recommendation that would be clearer. If you can, please suggest text.
>

Alissa,

I don't think anybody is claiming that the recommendation itself is
difficult to understand. What is difficult to understand is how the
document justifies that claim.

It looks like the main argument used to justify this recommendation is
major privacy risks. But embedding a link layer identifier into an IP
address is not a major [1] privacy risk. It is only embedding a *STABLE*
link-layer address that is a major privacy risk.

Recommending that link-layer address be embedded only if they are ephemeral
would address the privacy concerns just as well as (or maybe even better)
than the approach proposed in this document.

I think what people are do not understand is why this document recommends
one but not the other. I certainly don't.

Cheers,
Lorenzo

[1] I argue that cross-referencing IPX traffic to IP traffic is not a major
privacy risk because IPX is so uncommon.

v2.23.0 | Report a Bug | By Email