Re: default-iids: dropping requirement 1 in Section 3

Fernando Gont <fgont@si6networks.com> Mon, 23 May 2016 15:52 UTC

To: Lorenzo Colitti <lorenzo@google.com>
From: Fernando Gont <fgont@si6networks.com>
Date: Mon, 23 May 2016 11:51:54 -0400
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/2VpFYenkZAHM_lxvAGrWRORyC2A>
Cc: IETF IPv6 Mailing List <ipv6@ietf.org>

Lorenzo,

On 05/23/2016 11:41 AM, Lorenzo Colitti wrote:
> On Mon, May 23, 2016 at 8:59 PM, Fernando Gont <fgont@si6networks.com> wrote:
> 
>     > No, the root of this whole problem is embedding a *stable* layer-2 ID in
>     > a layer-3 field.
> 
>     You're wrong. I've provided references that explain why, and Brian has
>     provided examples. There's not much I can do other than that.
> 
> 
> Instead of telling me I'm wrong, I would suggest convincing the WG that
> I'm wrong, because if you do, it doesn't matter what I think. 

The fact that your scheme wastes 18 bits of entropy, and requires that
only a single layer-3 protocol is used, and only a single IPv6 prefix is
employed (so that its exploitation for correlation does not become
obvious) shows that the scheme is flawed, and that the scheme itself is
what allows for correlation.

My apologies for my writing style. My goal is not to prove you wrong.
But rather that there's a reason for not wanting the layer-2 id in the
IPv6 address.


-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492