Re: draft-gont-6man-managing-privacy-extensions-00.txt
Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org> Wed, 09 March 2011 20:43 UTC
Return-Path: <ipng@69706e6720323030352d30312d31340a.nosense.org>
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 10B623A6AB1 for <ipv6@core3.amsl.com>; Wed, 9 Mar 2011 12:43:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.572
X-Spam-Level:
X-Spam-Status: No, score=-1.572 tagged_above=-999 required=5 tests=[AWL=-0.277, BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, J_CHICKENPOX_32=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CyA9EZ4prhWH for <ipv6@core3.amsl.com>; Wed, 9 Mar 2011 12:43:43 -0800 (PST)
Received: from smtp3.adam.net.au (smtp3.adam.net.au [202.136.110.249]) by core3.amsl.com (Postfix) with ESMTP id E038E3A6A9C for <ipv6@ietf.org>; Wed, 9 Mar 2011 12:43:42 -0800 (PST)
Received: from 114-30-116-21.ip.adam.com.au ([114.30.116.21] helo=opy.nosense.org) by smtp3.adam.net.au with esmtp (Exim 4.63) (envelope-from <ipng@69706e6720323030352d30312d31340a.nosense.org>) id 1PxQFe-0000YK-Mb; Thu, 10 Mar 2011 07:14:58 +1030
Received: from opy.nosense.org (localhost.localdomain [IPv6:::1]) by opy.nosense.org (Postfix) with ESMTP id 439215355C; Thu, 10 Mar 2011 07:14:58 +1030 (CST)
Date: Thu, 10 Mar 2011 07:14:58 +1030
From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
To: RJ Atkinson <rja.lists@gmail.com>
Subject: Re: draft-gont-6man-managing-privacy-extensions-00.txt
Message-ID: <20110310071458.76d75e9e@opy.nosense.org>
In-Reply-To: <BD1A42A7-CCD4-4625-94C6-037FD8C3CF2C@gmail.com>
References: <7111FC5F-BC3F-4242-9C3F-037E79894749@gmail.com> <alpine.DEB.1.10.1103091212570.7942@uplift.swm.pp.se> <AANLkTim7W3BCCgW_Hpvr3p+SdYobpk-yoZYTtbWxL14r@mail.gmail.com> <alpine.DEB.1.10.1103091552560.7942@uplift.swm.pp.se> <BD1A42A7-CCD4-4625-94C6-037FD8C3CF2C@gmail.com>
X-Mailer: Claws Mail 3.7.8 (GTK+ 2.22.1; x86_64-unknown-linux-gnu)
X-Location: Lower Mitcham, South Australia, 5062
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Cc: ipv6@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2011 20:43:44 -0000
Hi Ran, On Wed, 9 Mar 2011 10:51:59 -0500 RJ Atkinson <rja.lists@gmail.com> wrote: > > On 09 Mar 2011, at 09:57 , Mikael Abrahamsson wrote: > > Privacy Extensions is not the only mechanisms that might create an > > address to be used, thus I think the "disable privacy" flag is meaningless. > > > > If you want to know the mac address of the computer who used an > > IP address at a certain time, then you need to tell the host > > to only use EUI64 based address and nothing else, you don't tell it > > to disable privacy extensions. > > > > Just because privacy extensions is the only address widely seen > > today as being non-EUI64, doesn't mean that if you disable privacy, > > you get only single EUI64. > > The above is a very helpful clarification. > > Based on that, I agree with Mikael that the correct semantic > to the flag should be to require direct/embedded use of a > hardware MAC value for the IPv6 IID. That would disallow > not only the (pseudo-)Privacy addresses, but any other kind > of addressing that would not embed a hardware address in the IID. > That may have unintended consequences. If a hardware address isn't available, IIDs can be generated randomly, so if this flag was properly obeyed, these random IID end-nodes should not acquire addresses. An example of where this might matter is on a large scale PPP deployment. If an ISP switched this flag on in the RAs it sends over PPP sessions on the BRAS, and the CPE PPP implementations did not use hardware derived IIDs (i.e. sourced from another interfaces), the PPP session may not come up. Another property of IPV6CP is to negotiate IIDs, to overcome collisions if they occur. On a BRAS, the scope of the collision detection may not only be within a single PPP session, but across all of them, which may number in the 10s of 1000s. Taking a step back, I'm wondering what the actual problem with privacy addresses is - neither of the drafts have specifically said. Is it that they're a random, non-hardware derived IID, or is it that they're random, non-hardware derived IID and that they change over time? If hardware derived IIDs are enforced, there aren't any guarantees that the underlying hardware address isn't random either, or won't be made so intentionally by somebody who wants to preserve their network layer anonimity. Temporarily changing MAC addresses on Ethernet cards is easy if you've got admin access to an OS (or at least, on Windows and Linux it is, not sure about Mac OS X). Regards, Mark.
- draft-gont-6man-managing-privacy-extensions-00.txt Ran Atkinson
- Re: draft-gont-6man-managing-privacy-extensions-0… Mikael Abrahamsson
- Re: draft-gont-6man-managing-privacy-extensions-0… huabing yu
- Re: draft-gont-6man-managing-privacy-extensions-0… Mikael Abrahamsson
- Re: draft-gont-6man-managing-privacy-extensions-0… RJ Atkinson
- Re: draft-gont-6man-managing-privacy-extensions-0… Brian E Carpenter
- Re: draft-gont-6man-managing-privacy-extensions-0… james woodyatt
- Re: draft-gont-6man-managing-privacy-extensions-0… RJ Atkinson
- Re: draft-gont-6man-managing-privacy-extensions-0… Joel M. Halpern
- Re: draft-gont-6man-managing-privacy-extensions-0… Mark Smith
- Re: draft-gont-6man-managing-privacy-extensions-0… Mark Smith
- Re: draft-gont-6man-managing-privacy-extensions-0… Mark Smith
- Re: draft-gont-6man-managing-privacy-extensions-0… Brian E Carpenter
- RE: draft-gont-6man-managing-privacy-extensions-0… Dan Wing
- Re: draft-gont-6man-managing-privacy-extensions-0… Ran Atkinson
- Re: RE: draft-gont-6man-managing-privacy-extensio… Cameron Byrne
- Re: draft-gont-6man-managing-privacy-extensions-0… james woodyatt
- RE: draft-gont-6man-managing-privacy-extensions-0… Paul Chilton
- RE: draft-gont-6man-managing-privacy-extensions-0… Dan Wing
- RE: draft-gont-6man-managing-privacy-extensions-0… Dan Wing
- RE: draft-gont-6man-managing-privacy-extensions-0… Christian Huitema
- Re: draft-gont-6man-managing-privacy-extensions-0… Doug Barton
- Re: draft-gont-6man-managing-privacy-extensions-0… Thomas Narten
- Re: draft-gont-6man-managing-privacy-extensions-0… Mark Townsley
- Re: draft-gont-6man-managing-privacy-extensions-0… Mark Townsley
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Scott W Brim
- Re: draft-gont-6man-managing-privacy-extensions-0… sthaug
- RE: draft-gont-6man-managing-privacy-extensions-0… Christian Huitema
- Re: draft-gont-6man-managing-privacy-extensions-0… Brian E Carpenter
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- RE: draft-gont-6man-managing-privacy-extensions-0… Christian Huitema
- Re: draft-gont-6man-managing-privacy-extensions-0… Doug Barton
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Mark Smith
- Re: draft-gont-6man-managing-privacy-extensions-0… Ole Troan
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Brian E Carpenter
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- RE: draft-gont-6man-managing-privacy-extensions-0… Christian Huitema
- Re: draft-gont-6man-managing-privacy-extensions-0… sthaug
- Re: draft-gont-6man-managing-privacy-extensions-0… Brian Haley
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Mohacsi Janos
- Re: draft-gont-6man-managing-privacy-extensions-0… Yu Hua bing
- Re: draft-gont-6man-managing-privacy-extensions-0… Rémi Després
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Mark Smith