IETF Logo Mail Archive

Re: 64bit MAC addresses and SLAAC

Etienne-Victor Depasquale <edepa@ieee.org> Thu, 18 June 2020 06:30 UTC

Return-Path: <edepa@ieee.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B96983A08D7 for <ipv6@ietfa.amsl.com>; Wed, 17 Jun 2020 23:30:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ieee.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tQN1DgqpOqpy for <ipv6@ietfa.amsl.com>; Wed, 17 Jun 2020 23:29:59 -0700 (PDT)
Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81FE13A00C0 for <ipv6@ietf.org>; Wed, 17 Jun 2020 23:29:59 -0700 (PDT)
Received: by mail-qk1-x736.google.com with SMTP id 205so4576303qkg.3 for <ipv6@ietf.org>; Wed, 17 Jun 2020 23:29:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JxpA8kCh3yH5ZEheht9r5X+42AhIh+T/VQJl3JBl0pE=; b=EJGt6MsMeoKqEfYDqBgv3yi+P6KAy1Fx4m/BNOkuVcAfONFQFn4jdSKWGdtcSYxMS+ WQ9OiQiNYuwHEgv1yCexdVF614QomTM4BGfehj8g4OikgpXJNsI0rr+3yDbScmi6cEmE Y/4vkp+KgnCZasGWqrzFJ9cFfcs1QzvSHSJiE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JxpA8kCh3yH5ZEheht9r5X+42AhIh+T/VQJl3JBl0pE=; b=iIJPQ8WubX7LYKi1mRb2vJRUYUEuySPxvGvaXetmZzw528GLO3/fHDXPxhQwaPfcja 0uz4C/yHQ0xfh7Wk39C5bQHKpdPSXLasC3hHJOr4CjFQJDhStQaROlNki7IzedaD9UCy WhK6MACuQFpAvreRtep+tn1YaKYAlfjGks5GQbL3FNmgSAgiMOsL87Q40vafj+NKilMl /rJRyB5oXxrIucP11hL7IQ5VqVy896+nCPF8GaHyNoW+qcNMnwqjS9GVtTrnysMIe4wf B+e5gSaHXzWtb8mdqg1LW1aeNNQAWEKWoGC+c8sMNvbgmkq8Fft5ikq3ZwKIE8Uj0Th2 UmJw==
X-Gm-Message-State: AOAM531rR2H1zqVe80RrOPOiA4XDB6ETmAz7AKB0rBpdqPO3Etk1JXiJ 2xMNg61sWbyI1nR+ed2sT4OpHntDNOglMVxUl8WFO3P2x50=
X-Google-Smtp-Source: ABdhPJz5vg4MO7aBQUIqerHhjeIfP5OxES8D3JsLnRtkfdx0cmDcn4Kk8QPhEDlgZzH5J4WI8FUdu084b62cpT/MRUc=
X-Received: by 2002:a37:748:: with SMTP id 69mr18816qkh.281.1592461798284; Wed, 17 Jun 2020 23:29:58 -0700 (PDT)
MIME-Version: 1.0
References: <e8a25961-5ac9-d35e-77dd-bf86f45cd077@gmail.com> <a17ae9f3-001c-07f6-84f9-a0ca583e6a00@gmail.com> <7AE5B6D0-AB01-4077-A9EF-5BD86F428681@gmail.com> <CAC8QAcdDjQvonke7hytV8pCYsTAjATNi560v_b32jus_jDW8bw@mail.gmail.com> <b43a00f5-c957-923a-cef4-ed541ebdb39a@gmail.com> <a96f1262-d152-dc09-1c2f-b2604ca21890@si6networks.com> <m1jlb8u-0000JDC@stereo.hq.phicoh.net> <d23c967b-29fc-cf94-d51b-70d200ee195f@si6networks.com> <CABNhwV2+pq9fwWA=X4eN064gdtOV628pgaSMmDEyq3ANX6xZxg@mail.gmail.com> <m1jlg0W-0000LDC@stereo.hq.phicoh.net>
In-Reply-To: <m1jlg0W-0000LDC@stereo.hq.phicoh.net>
From: Etienne-Victor Depasquale <edepa@ieee.org>
Date: Thu, 18 Jun 2020 08:29:19 +0200
Message-ID: <CAAcx0vB8WZ+JneWk-TRKVF0PFPoYDZCEYqOCT_sc2W6ZqeeXNw@mail.gmail.com>
Subject: Re: 64bit MAC addresses and SLAAC
To: Philip Homburg <pch-ipv6-ietf-6@u-1.phicoh.com>
Cc: IPv6 List <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ce55fc05a855e7e1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/1YQZpH0K8cX9r6hXQ2jPyrIAecA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 06:30:02 -0000

Philip,

" I also wonder, a device that cannot afford a couple SHa2 hashes? Then that
device is probably insecure and should not be connect to the internet
anyhow  "

I haven't got any data to make a case. What I can see is a WSN scenario,
with some features in it, as follows.

One important operating principle with WSNs is to prolong lifetime.
When a node turns off, its loss may cause network-wide effects, like RPL
DODAG tree re-formation.

Sensors are output devices, oriented towards their border router for access
to the Internet.
Is it fair to say that they're single-purpose devices, supporting no
(little?) more than a RESTful interface to their data acquisition?
I think so.

Does it make sense to load sensors with generation of semantically opaque
interface identifiers?
Yes - but only after understanding its impact through a network-scoped
study of WSN lifetime.

Alternatively:
keep link-layer addresses in IPv6 IIDs,
without allowing unauthorized data collection from the nodes,
by implementing access control to the nodes at the (mains-powered) border
router.

Etienne

On Wed, Jun 17, 2020 at 11:54 PM Philip Homburg <
pch-ipv6-ietf-6@u-1.phicoh.com> wrote:

> >   Of course the caveat there with unmanaged network and SOHO and Mobile
> >where manual or DHCPV6 is not possible or viable.
>
> Why is DHCPv6 not possible? Of course there is the Android problem.
> But I doubt that a low power IoT device would share a wifi-link with an
> Android device.
>
> >    In those cases SLAAC is preferred, but then we have the crux of
> >    issue and the decision tree on privacy random IID and its overhead
> >    if its not necessary versus modified EUI64.
> >    tree of course the underlying operational impacts of random
> >    versus  stable IID double edged sword operator or individuals
> >    decision to pick which works best for their use case.  In the
> >    end net-net is what is simplest to deploy and least overhead
> >    but also meets the desired goal is generally the thought for
> >    picking the IID generation solution. For that SLAAC wins out in
> >    that decision for the use case described above.
>
> A stable, unique pseudo random IID per prefix basically requires one
> SHA2-HMAC (or equivalent in SHA3 or other modern hash function) per
> prefix.
>
> I cannot imagine that computing 2 SHA2 hashes has a significant amount
> of energy use compared to link attachment and duplicate address detection.
>
> This computation is once per prefix, so it becomes an issue if the
> devices frequently attaches to new links. In which case tracking protection
> becomes important.
>
> I also wonder, a device that cannot afford a couple SHa2 hashes? Then that
> device is probably insecure and should not be connect to the internet
> anyhow.
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>


-- 
Ing. Etienne-Victor Depasquale
Assistant Lecturer
Department of Communications & Computer Engineering
Faculty of Information & Communication Technology
University of Malta
Web. https://www.um.edu.mt/profile/etiennedepasquale

v2.23.0 | Report a Bug | By Email