Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 19 May 2016 20:43 UTC

Subject: Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>
To: ipv6@ietf.org
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <89CA2C18-AE61-4D40-8997-221201835944@gmail.com> <CAJE_bqdZ_D7jsDdWQ2FJpLH9cXveYfcye0W2J_mSi-7bYBrOKA@mail.gmail.com> <B849F263-9F99-48E8-B903-8FE7D2CDF277@cooperw.in> <CAJE_bqd1AWOuwvQcGzHg+dAWoump29g14HEA1BoVErXDXSMxaw@mail.gmail.com> <573BCFD0.8090801@si6networks.com> <CAJE_bqfKUbO7C6LnxOOUCVBU9e679_=159Yu6Ti0zhOGDuw98Q@mail.gmail.com> <A1111BEA-C14C-4574-9214-3D9B5500FEA1@cooperw.in> <CAKD1Yr23S4yHM=31VXTJq7t11P3__GEbbRhM0c085gBjQEGi-Q@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <19ae94cd-849f-0622-54bc-42cbad51368a@gmail.com>
Date: Fri, 20 May 2016 08:43:20 +1200
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/235oDtvY7mPDNgL-O16UIMnF4TE>

On 19/05/2016 18:10, Lorenzo Colitti wrote:
> On Thu, May 19, 2016 at 2:19 PM, Alissa Cooper <alissa@cooperw.in> wrote:
> 
>> The draft makes just about as clear a statement in this vein as is possible:
>>
>> "By default, nodes SHOULD NOT employ IPv6 address generation schemes
>>    that embed the underlying link-layer address in the IID."
>>
>> Note that this statement does not prohibit anything, nor does it make a
>> normative (in the moral sense) judgment. It just states the recommendation,
>> which is the point of the document.
>>
>> I appreciate that not everyone on the list agrees with this
>> recommendation. But I find the claim that this recommendation is unclear to
>> be difficult to understand. That is, I can’t think of a way to convey the
>> same recommendation that would be clearer. If you can, please suggest text.
>>
> 
> Alissa,
> 
> I don't think anybody is claiming that the recommendation itself is
> difficult to understand. What is difficult to understand is how the
> document justifies that claim.
> 
> It looks like the main argument used to justify this recommendation is
> major privacy risks. But embedding a link layer identifier into an IP
> address is not a major [1] privacy risk. It is only embedding a *STABLE*
> link-layer address that is a major privacy risk.
> 
> Recommending that link-layer addresses be embedded only if they are ephemeral
> would address the privacy concerns just as well as (or maybe even better)
> than the approach proposed in this document.
> 
> I think what people do not understand is why this document recommends
> one but not the other. I certainly don't.
> 
> Cheers,
> Lorenzo
> 
> [1] I argue that cross-referencing IPX traffic to IP traffic is not a major
> privacy risk because IPX is so uncommon.

I only chose that example because it's an obvious one. Do we know all the contexts
in which a MAC address may appear in an off-link packet? I doubt it.

A privacy risk doesn't have to be "major" to be important. If we are concerned
about massive-scale surveillance, where the opponent is using Hadoop and machine
learning technologies to glean information, minor risks become significant. So
I support the draft as it stands: any case in which a layer 2 identifier is
embedded *in clear* in a higher layer identifier is a bad thing, even if it's
a temporary and pseudo-random bit string.

[I hadn't remembered that RFC1958 already said that ;-)]

I think this is completely orthogonal to whether stable IIDs should be used
by clients at all - that's an operational choice that we can only leave to site
operators.

Regards
   Brian
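
Added illustration, not part of the original message or of the draft: a small Python audit helper that flags addresses whose IID follows the modified EUI-64 layout (RFC 4291, Appendix A) and shows the link-layer address that such an IID carries in clear, across different prefixes. The function names are hypothetical and the addresses are constructed samples under the 2001:db8::/32 documentation prefix and fe80::/10.

```python
import ipaddress
from collections import defaultdict


def embedded_mac(addr):
    """Return the MAC encoded by a modified EUI-64 IID, or None.

    Heuristic only: an opaque or random IID carries the ff:fe marker
    by chance about once in 65536 addresses.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]  # low 64 bits
    if iid[3:5] != b"\xff\xfe":                   # EUI-64 filler bytes
        return None
    # Undo the universal/local bit inversion applied to the first octet.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def correlate(addresses):
    """Group addresses by the link-layer address their IID exposes."""
    groups = defaultdict(list)
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is not None:
            groups[mac].append(addr)
    return dict(groups)


# Constructed sample: one interface seen on two networks and on-link,
# plus one address with an opaque IID.
SAMPLE = [
    "2001:db8:1:2:5054:ff:fe12:3456",
    "2001:db8:beef:9:5054:ff:fe12:3456",
    "fe80::5054:ff:fe12:3456",
    "2001:db8:1:2:7c3a:91d4:be2:55af",
]

if __name__ == "__main__":
    for mac, addrs in correlate(SAMPLE).items():
        print(mac, "->", addrs)
```

The helper reads the IID as-is and makes no assumption about whether the embedded link-layer address is a stable or a temporary one, which is the distinction debated in the thread.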