IETF Logo Mail Archive

Re: <draft-ietf-6man-default-iids> update to rfc2464bis

Lorenzo Colitti <lorenzo@google.com> Thu, 12 January 2017 11:09 UTC

Return-Path: <lorenzo@google.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9676D1293F8 for <ipv6@ietfa.amsl.com>; Thu, 12 Jan 2017 03:09:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.199
X-Spam-Level:
X-Spam-Status: No, score=-5.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o8D2ZfbJMibI for <ipv6@ietfa.amsl.com>; Thu, 12 Jan 2017 03:08:59 -0800 (PST)
Received: from mail-ua0-x22a.google.com (mail-ua0-x22a.google.com [IPv6:2607:f8b0:400c:c08::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEFFD120725 for <ipv6@ietf.org>; Thu, 12 Jan 2017 03:08:58 -0800 (PST)
Received: by mail-ua0-x22a.google.com with SMTP id 35so11621809uak.1 for <ipv6@ietf.org>; Thu, 12 Jan 2017 03:08:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=mHsHD+c9E3dEbjGQdN1qPbgWOrQbTvgkuQ2mgZ6mHwA=; b=EzKZbPOmgpV9J5vjaVLxo76EPo9B0711c2MNjSTz0xX+lN97eR+6ZrRkkpM7chcqVV ZXz63FALY18yAEX6/Fj1CLLRhDiGN1msuno3+wgR+rrbpNxE9tDKs0bHSGGSwNgxE9hG jcgoidB8FMEVkxrZ4+Cg51VKJpv8AXGK+K0a3VspmIf35cnnlEOee8g4sclYFpHY+Sye k05S8gNB6SBYvCwYIrUlOYI2ncq1gN21KoOO+fvjQrKKtrWdkRyrgDccGypRt8fXfvQm P14qdCBtbQNjtyzM28lUpU0MhQpIa1Rc4h6JVtWqRU0xly9C8LOA5HBKs5mt+23NTN+y r9kA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=mHsHD+c9E3dEbjGQdN1qPbgWOrQbTvgkuQ2mgZ6mHwA=; b=cvOahwY+MVbu7qv4ILztZ1M4XsFmadLRH8Si1e5WUCMae8oTXcV6sCS4Nizf/qBtxN JatEHLcuWEf0Ob9b9O0JD5ckDuP2zcuOLqynyA5FPvXn9bt0xSArB4N6w6Z6NUyJWlr8 TiUe4XwSyhvloLK+2aT7KzgynQwJQiR63TFu2c2nruSD7iHHP/NjHVHUgBpmEmj4lRSX ijaUE1NsguhLKoqAfdMFaaN80oSGO79sd1jtrf8OKSP2z2fXGSjfhTZYQksreAt6I9wV 8zJ8OVNvVUYoOOeifrLFrZoB0Giup78vknVKnsWmXuGBDNgi2GbXQB4s8miKP6Z4f6Et i+Lw==
X-Gm-Message-State: AIkVDXLM44S3vCgBFqyXHb+Ee7ILVUT3rw3ur09FN7fuER3uGod9stsMcwzLRaU59eBjbADhiFWSbdNuZnwcFnc2
X-Received: by 10.159.49.27 with SMTP id m27mr7241804uab.72.1484219337706; Thu, 12 Jan 2017 03:08:57 -0800 (PST)
MIME-Version: 1.0
Received: by 10.31.49.77 with HTTP; Thu, 12 Jan 2017 03:08:37 -0800 (PST)
In-Reply-To: <b3707115-b9d1-cc14-4cb9-0a3ffdd0cdfc@si6networks.com>
References: <1E7F90AC-79BB-49BE-B397-EC829EA95AA4@gmail.com> <CAKD1Yr0O6gnXZc3qEY7bqkBYu-sx1_erwum2DRwpe+Vv+jmdiw@mail.gmail.com> <7456833d-aa3f-d368-6041-cfdc1ac95f6f@si6networks.com> <CAKD1Yr1dQF7Cg0mppZVcSXC15pue_y1Qb-GugKY+G8u-dRyJtg@mail.gmail.com> <89fc8838-f6cd-1647-8468-1c8c11466aff@si6networks.com> <CAKD1Yr2z22ZX85ywAcqobbHZ20Kx4VvFhEmzJnSG_0hQBLLvyw@mail.gmail.com> <b3707115-b9d1-cc14-4cb9-0a3ffdd0cdfc@si6networks.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Thu, 12 Jan 2017 20:08:37 +0900
Message-ID: <CAKD1Yr0WkMJ4+FwdE2Re=Aifm2HgCha2i67mexpcO5rkz3PYww@mail.gmail.com>
Subject: Re: <draft-ietf-6man-default-iids> update to rfc2464bis
To: Fernando Gont <fgont@si6networks.com>
Content-Type: multipart/alternative; boundary="f403045ddf7464dad80545e3be02"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/2d8WwkVqUoEEpaVe_2yUx8a-KC4>
Cc: IPv6 List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>, Suresh Krishnan <suresh.krishnan@ericsson.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jan 2017 11:09:00 -0000

On Thu, Jan 12, 2017 at 7:25 PM, Fernando Gont <fgont@si6networks.com>
wrote:

> > I don't see why we should forbid this. It's a legitimate implementation
> > choice, and has excellent privacy properties :-)
>
> I'm not saying we should forbid this -- actually, there are scenarios
> where it should probably be the recommended approach.
>
> But that's not the operating model we have right now -- that's the point.
>

The point I am making is that according to current and
about-to-be-published specs, a node is free to create addresses that change
over time, since nothing forbids it.


> > Sure. If you can find rough consensus to say all other methods of
> > generating IIDs are bad and should not be used, the IETF will publish a
> > document saying that. My bet is that you won't.
>
> I'm not saying that. For instance, if you want temp addresses, and you
> decide to send the 64 bits with a PRNG of your choice, that's fine. If
> your goal is privacy and you decide to waste 18 bits 'cause you want to
> stick to modified-eui64, you're doing a lousy job.
>

Good, then we agree that a node is free to create addresses that change
over time using schemes that are not described in RFC 7217, RFC 4941, or
any other document.


> > To get back to the original point: in the current state of the documents
> > that we have published or are about to publish (e.g., the default-iids
> > draft), as reflecting the consensus call sin th it's not true that
> > modified EUI-64 is not recommended. It's only not recommended if you use
> > stable link-layer addresses.
> >
> > Bob, Ole, Suresh: can we also amend or remove this text in 4291bis
> > before we publish it? I think it's an oversight because there was clear
> > consensus in 6man (Fernando being in the rough) that it was OK to use
> > modified EUI-64 with non-stable MAC addresses:
> >
> >    Earlier versions of this document described a method of forming
> >    interface identifiers derived from IEEE MAC-layer addresses call
> >    Modified EUI-64 format.  These are described in Appendix A and are no
> >    longer recommended.
>
> All these documents are about generating stable addresses, not temporary
> addresses. So I'm not sure why the text should be removed. The text in
> all this documents ae about stable addresses. IETF-wise, the only doc
> that is about temporary addresses is RFC4941. Hence the text seems
> correct to me.


If instead of removing that text we can clarify that it only applies to
stable addresses, that works for me. Suggestion: change "These are
described in Appendix A and are no longer recommended." to ""These are
described in Appendix A and are no longer recommended for stable addresses."

The reason the text needs to be changed is because during the discussion of
default-iids there was substantial discussion of the use case of using
EUI-64 with randomized MAC addresses. There was consensus that this is a
use case we want to support, and as a result, the working group concluded
that we should change every occurrence of the phrase "based on a link-layer
address" to "based on a stable link-layer address" in the default-iids
draft. We should make the same distinction in 4291bis and 2464bis: EUI-64
is not recommended for use with stable link-layer addresses, but it can be
used with non-stable link-layer addresses.

You're certainly entitled to your opinion that using EUI-64 with random MAC
addresses is not a good idea, but IETF documents are not based on the
opinion of one participants, they are based on rough consensus.

v2.23.0 | Report a Bug | By Email